APT35 Leak: From cyber espionage to physical assassination plans

As of early December 2025, the cybersecurity world witnessed one of the largest leaks of recent years concerning APT groups. Operational records, employee information and internal process documents belonging to the Charming Kitten group (also known as APT35, Phosphorus), which is known to be directly linked to Iran's Revolutionary Guards (IRGC), were leaked via GitHub under the name "KittenBusters". This leak,

Webrecord
Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets
#APT35 #RAT_2Ac2
https://dti.domaintools.com/threat-intelligence-report-apt35-internal-leak-of-hacking-campaigns-against-lebanon-kuwait-turkey-saudi-arabia-korea-and-domestic-iranian-targets/

Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.

DomainTools Investigations | DTI

0-day browser RCE by Charming Kitten / APT35, or bad reporting?

Allegedly a link was clicked and thereby™ the computer was infected.

https://archive.is/QkX57

#Berlin #Badenberg #CharmingKitten #apt35

"The office of Hannah Neumann, a member of the German Greens and head of the delegation spearheading work on European Union-Iran relations, was targeted by a hacking campaign that started in January, she said. Her staff was contacted with messages, phone calls and emails by hackers impersonating a legitimate contact. They eventually managed to target a laptop with malicious software.

"It was a very sophisticated attempt using various ways to manage that someone accidentally opens a link, including putting personal pressure on them," Neumann said.

Neumann was made aware of the ongoing ploy four weeks ago by the German domestic intelligence service, she said.

The group thought to be behind the attack is a hacking collective associated with the Iranian Revolutionary Guard, known as APT42, according to a report by the Parliament’s in-house IT service DG ITEC and seen by POLITICO. Another Iranian hacking group, called APT35 or Charming Kitten, was initially considered a culprit too. The two Iranian threat groups are closely related."

https://www.politico.eu/article/european-parliament-iran-delegation-chair-victim-tehran-linked-hacking-hannah-neumann/

#EU #Germany #Iran #CyberSecurity #StateHacking #Spyware #APT42 #APT35

European Parliament’s Iran delegation chair victim of Tehran-linked hacking

Hannah Neumann was targeted in a cyber-espionage operation by an infamous Iranian hacking group earlier this year, she said.

POLITICO
BellaCiao, BellaCiao from the magic hound to the poor sod whose account is browned the magic that with the new year comes spies and hounds and hides its crumbs whether social media or email links do not click if it blinks or stinks thehackernews.com/2024/12/iran... #apt35 #charmingkitten #magichound
Iran's Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware

Kaspersky uncovers BellaCPP malware by Iranian APT35, targeting systems in Asia without web shell use.

The Hacker News

"🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"

Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.

Microsoft's security blog

Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence

Mitre - APT35

New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs | Microsoft Security Blog

Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm (PHOSPHORUS) targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign, the threat actor used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files.

Microsoft Security Blog
#ESETresearch discovered a #backdoor we have named Sponsor, used in a #BallisticBobcat (aka Charming Kitten, #TA453, #APT35, or #PHOSPHORUS) campaign targeting various entities in Brazil, Israel, and the United Arab Emirates. Check it out: https://welivesecurity.com/en/eset-research/sponsor-batch-filed-whiskers-ballistic-bobcats-scan-strike-backdoor/
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor

ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor.

PowerLess: Malware now also targets Telegram data

Among other things, PowerLess can steal user data from the Telegram desktop application, take screenshots, and is very hard to detect.

Tarnkappe.info

Most controversial opinions…

Avocados (and Guac) are gross.
Coffee is overrated.
#APT35 is not #CharmingKitten.

Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees - The Phosphorous APT has launched successful attacks against world leaders who are attending the Mu... https://threatpost.com/microsoft-iranian-apt-t20-summit-munich-security-conference/160654/ #munichsecurityconference #thethink20summit #vulnerabilities #charmingkitten #phosphorousapt #websecurity #microsoft #apt35 #t20

The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.

Threatpost - English - Global - threatpost.com