home.social

#charmingkitten — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #charmingkitten, aggregated by home.social.

  1. Iran-linked cyber espionage surges across Middle East as conflict tensions rise, researchers say

    New research from Proofpoint shows that escalating tensions involving Iran have coincided with a surge in cyber espionage…
    #Israel #News #APT42 #CharmingKitten #CheckPoint #CobaltStrike #CyberEspionage #cyberoperations #cybercrime #espionage #HandalaHack #MintSandstorm #MuddyWater #phishing #proofpoint #TA453 #VoidManticore
    europesays.com/2840087/

  2. 0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?

    Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.

    archive.is/QkX57

    #Berlin #Badenberg #CharmingKitten #apt35

  3. 0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?

    Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.

    archive.is/QkX57

    #Berlin #Badenberg #CharmingKitten #apt35

  4. 0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?

    Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.

    archive.is/QkX57

    #Berlin #Badenberg #CharmingKitten #apt35

  5. 0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?

    Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.

    archive.is/QkX57

    #Berlin #Badenberg #CharmingKitten #apt35

  6. 0day Browser RCE von Charming Kitten / APT35 oder schlechte Berichterstattung?

    Angeblich wurde auf einen Link geklickt und dadurch™ der Rechner infiziert.

    archive.is/QkX57

    #Berlin #Badenberg #CharmingKitten #apt35

  7. Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache

  8. Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache

  9. Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache

  10. Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache

  11. Hannah Neumann ist Vorsitzende der Iran-Delegation im EU-Parlament. Sie kämpft für Demokratie. Jetzt wurde sie Ziel eines Hackerangriffs. Das ist ein direkter Angriff auf unsere Werte. Wer schweigt, macht sich mitschuldig. #Iran #Demokratie #EUParlament #CharmingKitten #EinfacheSprache

  12. Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache

  13. Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache

  14. Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache

  15. Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache

  16. Iran greift nicht nur sein eigenes Volk an. Jetzt auch EU-Politiker. Die Hackergruppe „Charming Kitten“ wollte Hannah Neumann ausspionieren. Warum? Weil sie sich für Freiheit und Menschenrechte einsetzt. Wer so handelt, zeigt, wie gefährlich Diktaturen sind. #Iran #CharmingKitten #Neumann #EU #EinfacheSprache

  17. BellaCiao,BellaCiao from the magic hound to the poor sod who's account is browned the magic that with the new year comes spies and hounds and hides it's crumbs whether social media or email links do not click if it blinks or stinks thehackernews.com/2024/12/iran... #apt35 #charmingkitten #magichound

  18. BellaCiao,BellaCiao from the magic hound to the poor sod who's account is browned the magic that with the new year comes spies and hounds and hides it's crumbs whether social media or email links do not click if it blinks or stinks thehackernews.com/2024/12/iran... #apt35 #charmingkitten #magichound

  19. Our team just released a report on #CharmingKitten/#APT35: harfanglab.io/insidethelab/cyc

    We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.

    We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
    There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.

    Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.

    IOCs and more in the full post. Enjoy!

  20. Our team just released a report on #CharmingKitten/#APT35: harfanglab.io/insidethelab/cyc

    We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.

    We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
    There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.

    Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.

    IOCs and more in the full post. Enjoy!

  21. Our team just released a report on #CharmingKitten/#APT35: harfanglab.io/insidethelab/cyc

    We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.

    We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
    There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.

    Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.

    IOCs and more in the full post. Enjoy!

  22. Our team just released a report on #CharmingKitten/#APT35: harfanglab.io/insidethelab/cyc

    We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.

    We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
    There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.

    Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.

    IOCs and more in the full post. Enjoy!

  23. Our team just released a report on #CharmingKitten/#APT35: harfanglab.io/insidethelab/cyc

    We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.

    We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.
    There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.

    Reverse-engineering was a challenge due to the malware expecting mashalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.

    IOCs and more in the full post. Enjoy!

  24. Happy Thursday everyone!

    The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!

    CharmingCypress: Innovating Persistence
    volexity.com/blog/2024/02/13/c

    As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!

    Excessive Windows Discovery and Execution Processes - Potential Malware Installation
    volexity.com/blog/2024/02/13/c

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

  25. Happy Thursday everyone!

    The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!

    CharmingCypress: Innovating Persistence
    volexity.com/blog/2024/02/13/c

    As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!

    Excessive Windows Discovery and Execution Processes - Potential Malware Installation
    volexity.com/blog/2024/02/13/c

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

  26. Happy Thursday everyone!

    The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!

    CharmingCypress: Innovating Persistence
    volexity.com/blog/2024/02/13/c

    As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!

    Excessive Windows Discovery and Execution Processes - Potential Malware Installation
    volexity.com/blog/2024/02/13/c

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

  27. Happy Thursday everyone!

    The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!

    CharmingCypress: Innovating Persistence
    volexity.com/blog/2024/02/13/c

    As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!

    Excessive Windows Discovery and Execution Processes - Potential Malware Installation
    volexity.com/blog/2024/02/13/c

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

  28. Happy Thursday everyone!

    The Volexity team share their findings from a recent incident that involved the APT known as #CharmingKitten (aka #CharmingCypress) and what lengths this group went to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!

    CharmingCypress: Innovating Persistence
    volexity.com/blog/2024/02/13/c

    As always, I don't want to leave you empty handed! So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!

    Excessive Windows Discovery and Execution Processes - Potential Malware Installation
    volexity.com/blog/2024/02/13/c

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday #huntoftheday #gethunting

  29. "🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"

    Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.

    Microsoft's security blog

    Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence

    Mitre - APT35

  30. "🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"

    Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.

    Microsoft's security blog

    Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence

    Mitre - APT35

  31. "🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"

    Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.

    Microsoft's security blog

    Tags: #CyberSecurity #Phishing #APT35 #CharmingKitten #MintSandstorm #MicrosoftSecurity #InfoSec #ThreatIntelligence

    Mitre - APT35