SYMBOLCOMMON_NAMEaka. SYNONYMS

Charming Kitten  (Back to overview)

aka: Newscaster, Parastoo, iKittens, Group 83, Newsbeef, NewsBeef

Charming Kitten (aka Parastoo, aka Newscaster) is an group with a suspected nexus to Iran that targets organizations involved in government, defense technology, military, and diplomacy sectors.


Associated Families
win.downpaper win.stonedrill win.unidentified_073

References
2020-03-04CrowdStrikeCrowdStrike
@techreport{crowdstrike:20200304:2020:818c85f, author = {CrowdStrike}, title = {{2020 CrowdStrike Global Threat Report}}, date = {2020-03-04}, institution = {CrowdStrike}, url = {https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020CrowdStrikeGlobalThreatReport.pdf}, language = {English}, urldate = {2020-03-04} } 2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT39 BlackTech BuhTrap Charming Kitten CLOCKWORD SPIDER DOPPEL SPIDER Gamaredon Group Judgment Panda Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER
2020-03-03PWC UKPWC UK
@techreport{uk:20200303:cyber:1f1eef0, author = {PWC UK}, title = {{Cyber Threats 2019:A Year in Retrospect}}, date = {2020-03-03}, institution = {PWC UK}, url = {https://www.pwc.co.uk/cyber-security/assets/cyber-threats-2019-retrospect.pdf}, language = {English}, urldate = {2020-03-03} } Cyber Threats 2019:A Year in Retrospect
KevDroid MESSAGETAP magecart AndroMut Cobalt Strike CobInt Crimson RAT DNSpionage Dridex Dtrack Emotet FlawedAmmyy FlawedGrace FriedEx Gandcrab Get2 GlobeImposter Grateful POS ISFB Kazuar LockerGoga Nokki QakBot Ramnit REvil Rifdoor RokRAT Ryuk shadowhammer ShadowPad Shifu Skipper StoneDrill Stuxnet TrickBot Winnti ZeroCleare
2020-01-30Certfa LabCertfa Lab
@online{lab:20200130:fake:8ef4342, author = {Certfa Lab}, title = {{Fake Interview: The New Activity of Charming Kitten}}, date = {2020-01-30}, organization = {Certfa Lab}, url = {https://blog.certfa.com/posts/fake-interview-the-new-activity-of-charming-kitten/}, language = {English}, urldate = {2020-03-03} } Fake Interview: The New Activity of Charming Kitten
Unidentified 073 (Charming Kitten)
2019-07-09WikipediaVarious
@online{various:20190709:operation:114fafe, author = {Various}, title = {{Operation Newscaster}}, date = {2019-07-09}, organization = {Wikipedia}, url = {https://en.wikipedia.org/wiki/Operation_Newscaster}, language = {English}, urldate = {2020-01-09} } Operation Newscaster
Charming Kitten
2019-03-27SymantecCritical Attack Discovery and Intelligence Team
@online{team:20190327:elfin:d90a330, author = {Critical Attack Discovery and Intelligence Team}, title = {{Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.}}, date = {2019-03-27}, organization = {Symantec}, url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/elfin-apt33-espionage}, language = {English}, urldate = {2020-04-21} } Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S.
DarkComet MimiKatz Nanocore RAT NetWire RC pupy Quasar RAT Remcos StoneDrill TURNEDUP APT33
2019-03-27MicrosoftTom Burt
@online{burt:20190327:new:9ba6b3b, author = {Tom Burt}, title = {{New steps to protect customers from hacking}}, date = {2019-03-27}, organization = {Microsoft}, url = {https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/}, language = {English}, urldate = {2020-01-13} } New steps to protect customers from hacking
Charming Kitten Cleaver
2019-02-13Department of JusticeOffice of Public Affairs
@online{affairs:20190213:former:3518c47, author = {Office of Public Affairs}, title = {{Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues}}, date = {2019-02-13}, organization = {Department of Justice}, url = {https://www.justice.gov/opa/pr/former-us-counterintelligence-agent-charged-espionage-behalf-iran-four-iranians-charged-cyber}, language = {English}, urldate = {2019-10-14} } Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues
Charming Kitten
2019Council on Foreign RelationsCyber Operations Tracker
@online{tracker:2019:newscaster:96f9778, author = {Cyber Operations Tracker}, title = {{Newscaster}}, date = {2019}, organization = {Council on Foreign Relations}, url = {https://www.cfr.org/interactive/cyber-operations/newscaster}, language = {English}, urldate = {2019-12-20} } Newscaster
Charming Kitten
2019MITREMITRE ATT&CK
@online{attck:2019:charming:f900c21, author = {MITRE ATT&CK}, title = {{Group description: Charming Kitten}}, date = {2019}, organization = {MITRE}, url = {https://attack.mitre.org/groups/G0058/}, language = {English}, urldate = {2019-12-20} } Group description: Charming Kitten
Charming Kitten
2018-12-14SymantecCritical Attack Discovery and Intelligence Team
@online{team:20181214:shamoon:1f24fa5, author = {Critical Attack Discovery and Intelligence Team}, title = {{Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail}}, date = {2018-12-14}, organization = {Symantec}, url = {https://symantec-blogs.broadcom.com/blogs/threat-intelligence/shamoon-destructive-threat-re-emerges-new-sting-its-tail}, language = {English}, urldate = {2020-04-21} } Shamoon: Destructive Threat Re-Emerges with New Sting in its Tail
DistTrack Filerase StoneDrill OilRig
2018-12-13CertfaCertfa Lab
@online{lab:20181213:return:786b4e0, author = {Certfa Lab}, title = {{The Return of The Charming Kitten}}, date = {2018-12-13}, organization = {Certfa}, url = {https://blog.certfa.com/posts/the-return-of-the-charming-kitten/}, language = {English}, urldate = {2020-01-13} } The Return of The Charming Kitten
Charming Kitten
2018-07-03CywareSamantha Black
@online{black:20180703:iranian:2e94ec4, author = {Samantha Black}, title = {{Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns}}, date = {2018-07-03}, organization = {Cyware}, url = {https://cyware.com/news/iranian-apt-charming-kitten-impersonates-clearsky-the-security-firm-that-uncovered-its-campaigns-7fea0b4f}, language = {English}, urldate = {2020-01-08} } Iranian APT Charming Kitten impersonates ClearSky, the security firm that uncovered its campaigns
Charming Kitten
2017-12-05ClearSky Research Team
@online{team:20171205:charming:064ca51, author = {ClearSky Research Team}, title = {{Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets}}, date = {2017-12-05}, url = {http://www.clearskysec.com/charmingkitten/}, language = {English}, urldate = {2019-12-17} } Charming Kitten: Iranian Cyber Espionage Against Human Rights Activists, Academic Researchers and Media Outlets
DownPaper
2017-12ClearSkyClearSky Research Team
@techreport{team:201712:charming:49a8e0c, author = {ClearSky Research Team}, title = {{Charming Kitten}}, date = {2017-12}, institution = {ClearSky}, url = {https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf}, language = {English}, urldate = {2019-12-04} } Charming Kitten
DownPaper Charming Kitten
2017-11-19Arab NewsELISE KNUTSEN
@online{knutsen:20171119:iranian:654e55f, author = {ELISE KNUTSEN}, title = {{Iranian agents blackmailed BBC reporter with ‘naked photo’ threats}}, date = {2017-11-19}, organization = {Arab News}, url = {http://www.arabnews.com/node/1195681/media}, language = {English}, urldate = {2019-12-17} } Iranian agents blackmailed BBC reporter with ‘naked photo’ threats
Charming Kitten
2017-08-08SC MagazineDoug Olenick
@online{olenick:20170808:hbo:dbb42ba, author = {Doug Olenick}, title = {{HBO breach accomplished with hard work by hacker, poor security practices by victim}}, date = {2017-08-08}, organization = {SC Magazine}, url = {https://www.scmagazine.com/home/security-news/cybercrime/hbo-breach-accomplished-with-hard-work-by-hacker-poor-security-practices-by-victim/}, language = {English}, urldate = {2020-01-13} } HBO breach accomplished with hard work by hacker, poor security practices by victim
Charming Kitten
2017-07-27ForbesThomas Brewster
@online{brewster:20170727:with:b21b072, author = {Thomas Brewster}, title = {{With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook}}, date = {2017-07-27}, organization = {Forbes}, url = {https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/}, language = {English}, urldate = {2020-01-07} } With Fake News And Femmes Fatales, Iran's Spies Learn To Love Facebook
Charming Kitten
2017-03-07Kaspersky LabsKaspersky
@techreport{kaspersky:20170307:from:2d853ae, author = {Kaspersky}, title = {{From Shamoon to Stonedrill}}, date = {2017-03-07}, institution = {Kaspersky Labs}, url = {https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf}, language = {English}, urldate = {2020-01-09} } From Shamoon to Stonedrill
Charming Kitten
2017-03-07Kaspersky LabsGReAT
@techreport{great:20170307:from:3af6ed0, author = {GReAT}, title = {{FROM SHAMOON TO STONEDRILL: Wipers attacking Saudi organizations and beyond}}, date = {2017-03-07}, institution = {Kaspersky Labs}, url = {https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07180722/Report_Shamoon_StoneDrill_final.pdf}, language = {English}, urldate = {2020-01-15} } FROM SHAMOON TO STONEDRILL: Wipers attacking Saudi organizations and beyond
StoneDrill
2017-02-06Iran ThreatsClaudio Guarnieri, Collin Anderson
@online{guarnieri:20170206:ikittens:b5486bb, author = {Claudio Guarnieri and Collin Anderson}, title = {{iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)}}, date = {2017-02-06}, organization = {Iran Threats}, url = {https://iranthreats.github.io/resources/macdownloader-macos-malware/}, language = {English}, urldate = {2020-01-09} } iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
MacDownloader Charming Kitten
2016-04-27Kaspersky LabsGReAT
@online{great:20160427:freezer:13a8a66, author = {GReAT}, title = {{Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More)}}, date = {2016-04-27}, organization = {Kaspersky Labs}, url = {https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/}, language = {English}, urldate = {2019-10-18} } Freezer Paper around Free Meat (Repackaging Open Source BeEF for Tracking and More)
Charming Kitten
2016-04-27Kaspersky LabsGReAT
@online{great:20160427:freezer:bec7033, author = {GReAT}, title = {{Freezer Paper around Free Meat}}, date = {2016-04-27}, organization = {Kaspersky Labs}, url = {https://securelist.com/freezer-paper-around-free-meat/74503/}, language = {English}, urldate = {2019-12-20} } Freezer Paper around Free Meat
Charming Kitten
2016-04Bundesamt für VerfassungsschutzVarious
@techreport{various:201604:bfv:2f64764, author = {Various}, title = {{BfV Cyber-Brief: Hinweis auf aktuelle Angriffskampagne}}, date = {2016-04}, institution = {Bundesamt für Verfassungsschutz}, url = {https://www.verfassungsschutz.de/download/broschuere-2016-10-bfv-cyber-brief-2016-04.pdf}, language = {German}, urldate = {2020-01-08} } BfV Cyber-Brief: Hinweis auf aktuelle Angriffskampagne
Charming Kitten
2014-05-29The Washington TimesCheryl K. Chumley
@online{chumley:20140529:iranian:38c457f, author = {Cheryl K. Chumley}, title = {{Iranian hackers sucker punch U.S. defense officials with creative social-media scam}}, date = {2014-05-29}, organization = {The Washington Times}, url = {https://www.washingtontimes.com/news/2014/may/29/iranian-hackers-sucker-punch-us-defense-heads-crea/}, language = {English}, urldate = {2020-01-06} } Iranian hackers sucker punch U.S. defense officials with creative social-media scam
Charming Kitten
2014-05-28iSIGHT Partners (FireEye)iSIGHT Partners
@techreport{partners:20140528:newscaster:cc8ba66, author = {iSIGHT Partners}, title = {{NEWSCASTER: An Iranian Threat Within Social Networks}}, date = {2014-05-28}, institution = {iSIGHT Partners (FireEye)}, url = {https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2014/2014.05.28.NewsCaster_An_Iranian_Threat_Within_Social_Networks/file-2581720763-pdf.pdf}, language = {English}, urldate = {2019-10-15} } NEWSCASTER: An Iranian Threat Within Social Networks
Charming Kitten
2012-11-25CryptomeCryptome
@online{cryptome:20121125:parastoo:b652ed3, author = {Cryptome}, title = {{Parastoo Hacks IAEA}}, date = {2012-11-25}, organization = {Cryptome}, url = {https://cryptome.org/2012/11/parastoo-hacks-iaea.htm}, language = {English}, urldate = {2020-01-06} } Parastoo Hacks IAEA
Charming Kitten

Credits: MISP Project