|Type|Advanced persistent threat|
|Methods|Zero-days, spearphishing, malware, social engineering, watering hole|
|Membership|At least 5|
Turk Black Hat
Ajax Security Team
Charming Kitten (other aliases include APT35 (by Mandiant), Phosphorus (by Microsoft), Ajax Security (by FireEye), and NewsBeef (by Kaspersky)) is a cyberwarfare group, described by several companies and government officials as an advanced persistent threat.
On December 15, 2017, FireEye designated the group a nation-state-based advanced persistent threat, despite its lack of sophistication. Research conducted by FireEye in 2018 suggested that APT35 may be expanding its malware and solidifying its campaigns.
Witt Defection (Early 2013)
In 2013, former United States Air Force technical sergeant and military intelligence defense contractor Monica Witt defected to Iran, knowing she might incur criminal charges by the United States for doing so. The intelligence she gave to the government of Iran later led to Operation Saffron Rose, a cyberwarfare operation that targeted US military contractors.
HBO cyberattack (2017)
In 2017, following a cyberattack on HBO, a large-scale joint investigation was launched on the grounds that confidential information was being leaked. A hacker going by the alias Skote Vahshat threatened that if money was not paid, scripts of television episodes, including episodes of Game of Thrones, would be leaked. The hack caused a leak of 1.5 terabytes of data, some of which consisted of shows and episodes that had not been broadcast at the time. HBO has since stated that it would take steps to make sure that it would not be breached again.
Second Indictment (2019)
A court order was issued authorizing Microsoft to take ownership of 99 DNS domains that were registered by the group. Microsoft has subsequently said that it plans to work to reduce the cyberattack rate significantly.
2020 Election interference attempts (2019)