Nation-State Actor
APT35 (Charming Kitten)
Iran • Active since 2014
APT35 is an Iranian espionage hacking group whose operators pretend to be journalists or researchers to trick real journalists, activists, and government officials into giving up their passwords. They are very good at creating fake personas on social media.
Overview
APT35 is an Iranian state-sponsored threat group linked to the Islamic Revolutionary Guard Corps (IRGC). They focus on intelligence collection against journalists, activists, diplomats, and defense organizations through sophisticated social engineering.
Also Known As
Charming Kitten, Phosphorus, TA453, Mint Sandstorm, Magic Hound
Target Industries
Media, Government, Defense, Research, Human Rights
Target Regions
United States, Israel, Europe, Middle East
Tactics, Techniques & Procedures
- Elaborate social engineering
- Fake social media personas
- Credential harvesting
- Compromised legitimate websites
- Mobile malware deployment
Known Tools & Malware
POWERSTAR, CharmPower, HYPERSCRAPE, KORG, DownPaper
Notable Campaigns
Human Rights Activist Targeting (2020-2023)
Long-term campaign against journalists and activists using fake personas.
US Election Interference Attempts (2020)
Attempted to compromise campaign staff through spear-phishing.
MITRE ATT&CK Techniques
T1566.001, T1598.003, T1586.002, T1078, T1550.001
Defense Recommendations
1. Train high-risk users on social engineering
2. Implement hardware security keys for MFA
3. Monitor for fake persona connections