🇮🇷

Charming Kitten

Also known as: APT35, Mint Sandstorm, Phosphorus, TA453

Iranian IRGC. Credential phishing targeting dissidents and researchers.

Origin: Iran
Targets: research, government, journalism, activism

Associated Intelligence

Iran-Linked Cyber Group Uses Ransomware Ruse

An Iranian cyber group linked to the Ministry of Intelligence and Security (MOIS) has been disguising its espionage operations as ransomware attacks. The group's tactics involve creating a ransomware-like distraction while secretly installing a backdoor for long-term access. Organizations should be cautious of suspicious ransomware demands and inspect their systems for potential backdoors.

6/5/2026 Medium

Iran-Linked APT Impersonates Chaos Ransomware

Researchers at Rapid7 uncovered an Iranian advanced persistent threat (APT) group posing as a member of the Chaos ransomware gang in an espionage campaign. The operation targeted various organizations, potentially compromising sensitive data. Affected parties should review their security measures and monitor for suspicious activity.

6/5/2026 Medium

Iranian Group Targets US Troops

US service members in Bahrain have been targeted by the Iranian cyber group Handala, receiving threatening WhatsApp messages claiming they would be targeted with drones and missiles. The messages appear to be a form of psychological warfare, aiming to intimidate and disrupt the troops. Individuals should be cautious of unsolicited messages and report any suspicious activity.

29/4/2026 Medium

Fast16 Malware

A pre-Stuxnet sabotage malware called Fast16 has been discovered, which is capable of tampering with high-precision calculation software. The malware is associated with US-Iran cyber tensions and features a self-propagation mechanism. Users of affected software should take precautions to protect their systems from potential security breaches.

24/4/2026 Medium

Iranian APT Actors Target US Infrastructure

Six US government agencies have issued a critical advisory warning of potential cyberattacks by Iranian-affiliated Advanced Persistent Threat (APT) actors on US

21/4/2026 High

Iran-Linked Hackers Target ICS

The US government has warned that Iran-linked hackers are targeting Industrial Control Systems (ICS) in critical infrastructure, potentially causing disruption. This affects organizations operating in critical infrastructure sectors. Immediate action is

10/4/2026 High

Iran-Linked Hackers Resume Attacks

Iran-linked hackers have vowed to revive their cyberattacks against the US, indicating that a recent ceasefire is unlikely to be sustainable. This development affects US-based organizations and individuals, who should remain vigilant and prepare for potential attacks. To

9/4/2026 High