#charmingkitten — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #charmingkitten, aggregated by home.social.
-
Iran-linked cyber espionage surges across Middle East as conflict tensions rise, researchers say
New research from Proofpoint shows that escalating tensions involving Iran have coincided with a surge in cyber espionage…
#Israel #News #APT42 #CharmingKitten #CheckPoint #CobaltStrike #CyberEspionage #cyberoperations #cybercrime #espionage #HandalaHack #MintSandstorm #MuddyWater #phishing #proofpoint #TA453 #VoidManticore
https://www.europesays.com/2840087/ -
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East
#CharmingKitten #WhatsApp
https://techcrunch.com/2026/01/16/how-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east/ -
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East
#CharmingKitten #WhatsApp
https://techcrunch.com/2026/01/16/how-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east/ -
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East
#CharmingKitten #WhatsApp
https://techcrunch.com/2026/01/16/how-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east/ -
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East
#CharmingKitten #WhatsApp
https://techcrunch.com/2026/01/16/how-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east/ -
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East
#CharmingKitten #WhatsApp
https://techcrunch.com/2026/01/16/how-a-hacking-campaign-targeted-high-profile-gmail-and-whatsapp-users-across-the-middle-east/ -
0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?
Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.
-
0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?
Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.
-
0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?
Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.
-
0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?
Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.
-
0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?
Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.
-
Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache
-
Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache
-
Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache
-
Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache
-
Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache
-
Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache
-
Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache
-
Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache
-
Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache
-
Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache
-
BellaCiao,BellaCiao from the magic hound to the poor sod who's account is browned the magic that with the new year comes spies and hounds and hides it's crumbs whether social media or email links do not click if it blinks or stinks thehackernews.com/2024/12/iran... #apt35 #charmingkitten #magichound
-
BellaCiao,BellaCiao from the magic hound to the poor sod who's account is browned the magic that with the new year comes spies and hounds and hides it's crumbs whether social media or email links do not click if it blinks or stinks thehackernews.com/2024/12/iran... #apt35 #charmingkitten #magichound
-
BellaCPP, Charming Kitten’s BellaCiao variant written in C++ – Source: securityaffairs.com https://ciso2ciso.com/bellacpp-charming-kittens-bellaciao-variant-written-in-c-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CharmingKitten #BreakingNews #Intelligence #SecurityNews #hackingnews #BellaCPP #hacking #Malware #Iran #APT
-
BellaCPP, Charming Kitten’s BellaCiao variant written in C++ – Source: securityaffairs.com https://ciso2ciso.com/bellacpp-charming-kittens-bellaciao-variant-written-in-c-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CharmingKitten #BreakingNews #Intelligence #SecurityNews #hackingnews #BellaCPP #hacking #Malware #Iran #APT
-
BellaCPP, Charming Kitten’s BellaCiao variant written in C++ – Source: securityaffairs.com https://ciso2ciso.com/bellacpp-charming-kittens-bellaciao-variant-written-in-c-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #CharmingKitten #BreakingNews #Intelligence #SecurityNews #hackingnews #BellaCPP #hacking #Malware #Iran #APT
-
Iranian Cyber Actors Targeting Personal Accounts to Support Operations
#CharmingKitten
https://www.ic3.gov/Media/News/2024/240927.pdf -
Iranian Cyber Actors Targeting Personal Accounts to Support Operations
#CharmingKitten
https://www.ic3.gov/Media/News/2024/240927.pdf -
Iranian Cyber Actors Targeting Personal Accounts to Support Operations
#CharmingKitten
https://www.ic3.gov/Media/News/2024/240927.pdf -
Cyclops: a likely replacement for BellaCiao
#CharmingKitten #BellaCiao #Cyclops
https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/ -
Cyclops: a likely replacement for BellaCiao
#CharmingKitten #BellaCiao #Cyclops
https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/ -
Cyclops: a likely replacement for BellaCiao
#CharmingKitten #BellaCiao #Cyclops
https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/ -
Our team just released a report on #CharmingKitten/#APT35: https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/
We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.
We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.
IOCs and more in the full post. Enjoy!
-
Our team just released a report on #CharmingKitten/#APT35: https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/
We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.
We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.
IOCs and more in the full post. Enjoy!
-
Our team just released a report on #CharmingKitten/#APT35: https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/
We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.
We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.
IOCs and more in the full post. Enjoy!
-
Our team just released a report on #CharmingKitten/#APT35: https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/
We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.
We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.
IOCs and more in the full post. Enjoy!
-
Our team just released a report on #CharmingKitten/#APT35: https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/
We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.
We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.
IOCs and more in the full post. Enjoy!
-
📬 Die stille Gefahr: Wie APT-Gruppen Unternehmen infiltrieren
#Datenschutz #ITSicherheit #AdvancedPersistentThreats #APTGruppe #CharmingKitten #FancyBear #Lazarus #SolarWinds https://sc.tarnkappe.info/db4898 -
📬 Die stille Gefahr: Wie APT-Gruppen Unternehmen infiltrieren
#Datenschutz #ITSicherheit #AdvancedPersistentThreats #APTGruppe #CharmingKitten #FancyBear #Lazarus #SolarWinds https://sc.tarnkappe.info/db4898 -
📬 Die stille Gefahr: Wie APT-Gruppen Unternehmen infiltrieren
#Datenschutz #ITSicherheit #AdvancedPersistentThreats #APTGruppe #CharmingKitten #FancyBear #Lazarus #SolarWinds https://sc.tarnkappe.info/db4898 -
📬 Die stille Gefahr: Wie APT-Gruppen Unternehmen infiltrieren
#Datenschutz #ITSicherheit #AdvancedPersistentThreats #APTGruppe #CharmingKitten #FancyBear #Lazarus #SolarWinds https://sc.tarnkappe.info/db4898 -
📬 Die stille Gefahr: Wie APT-Gruppen Unternehmen infiltrieren
#Datenschutz #ITSicherheit #AdvancedPersistentThreats #APTGruppe #CharmingKitten #FancyBear #Lazarus #SolarWinds https://sc.tarnkappe.info/db4898 -
Happy Thursday everyone!
The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!
CharmingCypress: Innovating Persistence
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!
Excessive Windows Discovery and Execution Processes - Potential Malware Installation
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting
-
Happy Thursday everyone!
The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!
CharmingCypress: Innovating Persistence
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!
Excessive Windows Discovery and Execution Processes - Potential Malware Installation
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting
-
Happy Thursday everyone!
The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!
CharmingCypress: Innovating Persistence
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!
Excessive Windows Discovery and Execution Processes - Potential Malware Installation
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting
-
Happy Thursday everyone!
The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!
CharmingCypress: Innovating Persistence
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!
Excessive Windows Discovery and Execution Processes - Potential Malware Installation
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting
-
Happy Thursday everyone!
The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!
CharmingCypress: Innovating Persistence
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!
Excessive Windows Discovery and Execution Processes - Potential Malware Installation
https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting
-
"🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"
Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.
Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence
-
"🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"
Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.
Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence
-
"🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"
Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.
Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence