Charming Kitten

Charming Kitten (other aliases include APT35 (by Mandiant), Phosphorus (by Microsoft),[1] Ajax Security (by FireEye),[2] NewsBeef (by Kaspersky,[3]))[4] is a cyberwarfare group, described by several companies and government officials as an advanced persistent threat.

Charming Kitten
Модный мишка
Formationc. 2004–2007
TypeAdvanced persistent threat
PurposeCyberespionage, cyberwarfare
Region
Middle East
MethodsZero-days, spearphishing, malware, Social Engineering, Watering Hole
Membership
At least 5
Official language
Persian
Parent organization
IRGC
AffiliationsRocket Kitten
Formerly called
APT35
Turk Black Hat
Ajax Security Team
Phosphorus

On December 15, 2017 the group was designated by FireEye as a nation state based advanced persistent threat, regardless of the lack of its sophistication. Research conducted by FireEye in 2018 suggested that APT35 may be expanding their malware, and solidifying their campaigns.[5]

The group has since been known to use phishing to impersonate company websites,[6] as well as fake accounts and fake DNS domains to phish users' passwords.

History

Witt Defection (Early 2013)

In 2013, former United States Air Force technical sergeant and military intelligence defense contractor Monica Witt defected to Iran knowing she might incur criminal charges by the United Stages for doing so. Her giving of intelligence to the government of Iran later caused Operation Saffron Rose, a cyberwarfare operation that targeted US military contractors.

HBO cyberattack (2017)

In 2017, following a cyberattack on HBO, a large-scale joint investigation was launched on the grounds that confidential information was being leaked. A conditional statement by a hacker going by alias Skote Vahshat said that if money was not paid, scripts of television episodes, including episodes of Game of Thrones, would be leaked. The hack caused a leak of 1.5 terabytes of data, some of which was shows and episodes that had not been broadcast at the time.[7] HBO has since stated that it would take steps to make sure that they would not be breached again.[8]

Behzad Mesri was subsequently indicted for the hack. He has since been alleged to be part of the operation unit that had leaked confidential information. [9]

According to Certfa, Charming Kitten had targeted US officials involved with the 2015 Iran Nuclear Deal. The Iranian government denied any involvement.[10][11]

Second Indictment (2019)

Witt was officially charged by a Washington, D.C. based jury on February 19, 2019.[12] Four others including the HBO hacker were also charged.

A court order was issued authorizing Microsoft to take ownership of 99 DNS domains that were registered by the group. Microsoft has subsequently said that it plans to work to reduce the cyberattack rate significantly.[13]

2020 Election interference attempts (2019)

See also

References
  1. "Microsoft uses court order to shut down APT35 websites". CyberScoop. March 27, 2019.
  2. "Ajax Security Team lead Iran-based hacking groups". Security Affairs. May 13, 2014.
  3. "Freezer Paper around Free Meat". securelist.com.
  4. Bass, Dina. "Microsoft Takes on Another Hacking Group, This One With Links to Iran". news.bloomberglaw.com.
  5. "OVERRULED: Containing a Potentially Destructive Adversary". FireEye.
  6. "Iranian Charming Kitten ATP group poses as Israeli cybersecurity firm in phishing campaign". Security Affairs. July 3, 2018.
  7. "The HBO hack: what we know (and what we don't) - Vox".
  8. Petski, Denise (July 31, 2017). "HBO Confirms It Was Hit By Cyber Attack".
  9. "HBO Hacker Was Part of Iran's "Charming Kitten" Elite Cyber-Espionage Unit". BleepingComputer.
  10. "Iranian Hackers Target Nuclear Experts, US Officials". Dark Reading.
  11. Satter, Raphael (December 13, 2018). "AP Exclusive: Iran hackers hunt nuclear workers, US targets". AP NEWS.
  12. "Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged With a Cyber Campaign Targeting Her Former Colleagues". www.justice.gov. February 13, 2019.
  13. "Microsoft seizes 99 domains owned by Iranian state hackers". News @ WebHosting.info. March 28, 2019.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.