SYMBOLCOMMON_NAMEaka. SYNONYMS

Charming Kitten  (Back to overview)

aka: APT35, G0058, Group 83, Mint Sandstorm, NewsBeef, Newscaster, PHOSPHORUS, Parastoo, iKittens

Charming Kitten (aka Parastoo, aka Newscaster) is an group with a suspected nexus to Iran that targets organizations involved in government, defense technology, military, and diplomacy sectors.


Associated Families
win.unidentified_073 apk.little_looter win.downpaper win.stonedrill win.telegram_grabber win.chairsmack

References
2022-12-12SOCRadarSOCRadar
Dark Web Profile: APT42 – Iranian Cyber Espionage Group
PINEFLOWER VINETHORN VBREVSHELL BROKEYOLK CHAIRSMACK DOSTEALER GHAMBAR SILENTUPLOADER TAG-56
2022-09-26CrowdStrikeIoan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 3: Input/Output Controls
CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper Meteor Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-08-12CrowdStrikeIoan Iacob, Iulian Madalin Ionita
The Anatomy of Wiper Malware, Part 1: Common Techniques
Apostle CaddyWiper DEADWOOD DistTrack DoubleZero DUSTMAN HermeticWiper IsaacWiper IsraBye KillDisk Meteor Olympic Destroyer Ordinypt Petya Sierra(Alfa,Bravo, ...) StoneDrill WhisperGate ZeroCleare
2022-07-22PWC UKKrystle Reid
Old cat, new tricks, bad habits An analysis of Charming Kitten’s new tools and OPSEC errors
TelegramGrabber
2022-06-20Infinitum ITinfinitum IT
Charming Kitten (APT35)
LaZagne DownPaper MimiKatz pupy
2021-08-20YouTube (Black Hat)Allison Wikoff, Richard Emerson
The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker
LittleLooter
2021-08-04BlackHatAllison Wikoff, Richard Emerson
The Kitten that Charmed Me: The 9 Lives of a Nation State Attacker
LittleLooter
2021-08-04Security IntelligenceAllison Wikoff, Richard Emerson
ITG18: Operational Security Errors Continue to Plague Sizable Iranian Threat Group
LittleLooter
2021-02-28PWC UKPWC UK
Cyber Threats 2020: A Year in Retrospect
elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare APT10 APT23 APT27 APT31 APT41 BlackTech BRONZE EDGEWOOD Inception Framework MUSTANG PANDA Red Charon Red Nue Sea Turtle Tonto Team
2020-12-12Twitter (MalwareHunterTeam)MalwareHunterTeam
Tweet on ITG18 android implant
LittleLooter
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-03-03PWC UKPWC UK
Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare APT41 MUSTANG PANDA Sea Turtle
2020-01-30Certfa LabCertfa Lab
Fake Interview: The New Activity of Charming Kitten
Unidentified 073 (Charming Kitten)
2019-07-09WikipediaVarious
Operation Newscaster
Charming Kitten
2019-03-27MicrosoftTom Burt
New steps to protect customers from hacking
APT35 Charming Kitten Cleaver
2019-03-27SymantecCritical Attack Discovery and Intelligence Team
Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-02-13Department of JusticeOffice of Public Affairs
Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues
Charming Kitten
2019-01-01Council on Foreign RelationsCyber Operations Tracker
Newscaster
Charming Kitten
2019-01-01MITREMITRE ATT&CK
Group description: Charming Kitten
Charming Kitten
2018-12-14SymantecCritical Attack Discovery and Intelligence Team
Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
DistTrack Filerase StoneDrill OilRig
2018-12-13CertfaCertfa Lab
The Return of The Charming Kitten
Charming Kitten
2018-07-03CywareSamantha Black
Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns
Charming Kitten
2017-12-05ClearSky Research Team
Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets
DownPaper
2017-12-01ClearSkyClearSky Research Team
Charming Kitten
DownPaper Charming Kitten
2017-11-19Arab NewsELISE KNUTSEN
Iranian agents blackmailed BBC reporter with ‘naked photo’ threats
Charming Kitten
2017-08-08SC MagazineDoug Olenick
HBO breach accomplished with hard work by hacker, poor security practices by victim
Charming Kitten
2017-07-27ForbesThomas Brewster
With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook
Charming Kitten
2017-03-07Kaspersky LabsKaspersky
From Shamoon to Stonedrill
Charming Kitten
2017-03-07Kaspersky LabsGReAT
FROM SHAMOON TO STONEDRILL: Wipers attacking Saudi organizations and beyond
StoneDrill
2017-02-06Iran ThreatsClaudio Guarnieri, Collin Anderson
iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
MacDownloader Charming Kitten
2016-04-27Kaspersky LabsGReAT
Freezer Paper around Free Meat
Charming Kitten
2016-04-27Kaspersky LabsGReAT
Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More)
Charming Kitten
2016-04-01Bundesamt für VerfassungsschutzVarious
BfV Cyber-Brief: Hinweis auf aktuelle Angriffskampagne
Charming Kitten
2014-05-29The Washington TimesCheryl K. Chumley
Iranian hackers sucker punch U.S. defense officials with creative social-media scam
Charming Kitten
2014-05-28iSIGHT Partners (FireEye)iSIGHT Partners
NEWSCASTER: An Iranian Threat Within Social Networks
Charming Kitten
2012-11-25CryptomeCryptome
Parastoo Hacks IAEA
Charming Kitten

Credits: MISP Project