Charming Kitten

Charming Kitten
Модный мишка
Formation	c. 2004–2007[1]
Type	Advanced persistent threat
Purpose	Cyberespionage, cyberwarfare
Region	Middle East
Methods	Zero-days, spearphishing, malware, Social Engineering, Watering Hole
Membership	At least 5
Official language	Persian
Parent organization	IRGC
Affiliations	Rocket Kitten APT34 APT33
Formerly called	APT35; Turk Black Hat; Ajax Security Team; Phosphorus

Charming Kitten, also called APT35 (by Mandiant), Phosphorus or Mint Sandstorm (by Microsoft),^[1] Ajax Security (by FireEye),^[2] and NewsBeef (by Kaspersky^[3]^[4]), is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

On December 15, 2017, the group was designated by FireEye as a nation state-based advanced persistent threat, regardless of the lack of its sophistication. Research conducted by FireEye in 2018 suggested that APT35 may be expanding their malware capabilities and intrusion campaigns.^[5]

The group has since been known to use phishing to impersonate company websites,^[6] as well as fake accounts and fake DNS domains to phish users' passwords.

^ "Microsoft uses court order to shut down APT35 websites". CyberScoop. March 27, 2019. Archived from the original on February 6, 2023. Retrieved September 10, 2019.
^ "Ajax Security Team lead Iran-based hacking groups". Security Affairs. May 13, 2014. Archived from the original on December 2, 2022. Retrieved September 10, 2019.
^ "Freezer Paper around Free Meat". securelist.com. April 27, 2016. Archived from the original on January 28, 2023. Retrieved September 10, 2019.
^ Bass, Dina. "Microsoft Takes on Another Hacking Group, This One With Links to Iran". news.bloomberglaw.com. Archived from the original on December 2, 2022. Retrieved September 10, 2019.
^ "OVERRULED: Containing a Potentially Destructive Adversary". FireEye. Archived from the original on September 24, 2021. Retrieved September 10, 2019.
^ "Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign". Security Affairs. July 3, 2018. Archived from the original on December 4, 2022. Retrieved September 10, 2019.

[1] "Microsoft uses court order to shut down APT35 websites". CyberScoop. March 27, 2019. Archived from the original on February 6, 2023. Retrieved September 10, 2019.

[2] "Ajax Security Team lead Iran-based hacking groups". Security Affairs. May 13, 2014. Archived from the original on December 2, 2022. Retrieved September 10, 2019.

[3] "Freezer Paper around Free Meat". securelist.com. April 27, 2016. Archived from the original on January 28, 2023. Retrieved September 10, 2019.

[4] Bass, Dina. "Microsoft Takes on Another Hacking Group, This One With Links to Iran". news.bloomberglaw.com. Archived from the original on December 2, 2022. Retrieved September 10, 2019.

[5] "OVERRULED: Containing a Potentially Destructive Adversary". FireEye. Archived from the original on September 24, 2021. Retrieved September 10, 2019.

[6] "Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign". Security Affairs. July 3, 2018. Archived from the original on December 4, 2022. Retrieved September 10, 2019.

[1]

[2]

[3]

[4]

[5]

[6]

Модный мишка
Formation	c. 2004–2007^[1]
Type	Advanced persistent threat
Purpose	Cyberespionage, cyberwarfare
Region	Middle East
Methods	Zero-days, spearphishing, malware, Social Engineering, Watering Hole
Membership	At least 5
Official language	Persian
Parent organization	IRGC
Affiliations	Rocket Kitten APT34 APT33
Formerly called	APT35 Turk Black Hat Ajax Security Team Phosphorus