Novel backdoor used in Charming Kitten attacks
Iranian advanced persistent threat operation Charming Kitten, also known as Charming Cypress, Mint Sandstorm, APT35, TA453, and Yellow Garuda, deployed the new BASICSTAR backdoor in attacks against Middle East policy experts between September and October last year, according to The Hacker News.
Charming Kitten leveraged hacked email accounts to impersonate the Rasanah International Institute for Iranian Studies in phishing intrusions that lured targets into joining a fake webinar and facilitated the download of the BASICSTAR malware, which enabled system data exfiltration and remote command execution, a Volexity report showed. Other phishing attacks launched by Charming Kitten distributed the POWERLESS and NOKNOK backdoors, researchers said. "This threat actor is highly committed to conducting surveillance on their targets in order to determine how best to manipulate them and deploy malware. Additionally, few other threat actors have consistently churned out as many campaigns as CharmingCypress, dedicating human operators to support their ongoing efforts," said researchers.