#charmingkitten

SchreibeEinfach🏳️‍🌈✊❤️🔥🧠🎉<p>Hannah Neumann is chair of the Iran delegation in the EU Parliament. She fights for democracy. Now she has become the target of a hacker attack. This is a direct attack on our values. Whoever stays silent shares in the guilt. <a href="https://23.social/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> <a href="https://23.social/tags/Demokratie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Demokratie</span></a> <a href="https://23.social/tags/EUParlament" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EUParlament</span></a> <a href="https://23.social/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://23.social/tags/EinfacheSprache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EinfacheSprache</span></a></p>
SchreibeEinfach🏳️‍🌈✊❤️🔥🧠🎉<p>Iran is not only attacking its own people. Now it is attacking EU politicians too. The hacker group “Charming Kitten” wanted to spy on Hannah Neumann. Why? Because she stands up for freedom and human rights. Anyone who acts like this shows how dangerous dictatorships are. <a href="https://23.social/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> <a href="https://23.social/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://23.social/tags/Neumann" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Neumann</span></a> <a href="https://23.social/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EU</span></a> <a href="https://23.social/tags/EinfacheSprache" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EinfacheSprache</span></a></p>
Threat Insight<p>New APT insight from Proofpoint ⬇️</p><p>This week, our team observed IRGC/Iranian-aligned threat group <a href="https://infosec.exchange/tags/TA453" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TA453</span></a> continue their phishing efforts despite the recent unsealing of indictments and sanctions by the U.S. government.</p><p>Specifically, Proofpoint observed TA453 masquerade as the Centre for Feminist Foreign Policy (CFFP) to target individuals associated with U.S. based universities, media companies, and politically adjacent social benefit organizations.</p><p>Today <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISA</span></a> and the <span class="h-card" translate="no"><a href="https://infosec.exchange/@FBI" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>FBI</span></a></span> released a resource guide titled, “How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations.” It sets a good baseline on ways to protect against a variety of threat actors, including TA453. 
<a href="https://www.cisa.gov/resources-tools/resources/how-protect-against-iranian-targeting-accounts-associated-national-political-organizations" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/resources-tools/resou</span><span class="invisible">rces/how-protect-against-iranian-targeting-accounts-associated-national-political-organizations</span></a></p><p>TA453 overlaps with reporting on <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a>, <a href="https://infosec.exchange/tags/MintSandstorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MintSandstorm</span></a>, <a href="https://infosec.exchange/tags/CharmingCypress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingCypress</span></a> and <a href="https://infosec.exchange/tags/APT42" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT42</span></a>.</p><p>See our recent blog post to learn more about TA453’s malware evolution. <a href="https://ow.ly/OrXE50THoKZ" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ow.ly/OrXE50THoKZ</span><span class="invisible"></span></a></p>
The Threat Codex<p>Iranian Cyber Actors Targeting Personal Accounts to Support Operations<br><a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <br><a href="https://www.ic3.gov/Media/News/2024/240927.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ic3.gov/Media/News/2024/240927</span><span class="invisible">.pdf</span></a></p>
Threat Insight<p>The Iran-aligned threat actor who compromised the Trump campaign's email systems is known in the cybersecurity research community as <a href="https://infosec.exchange/tags/TA453" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TA453</span></a>, <a href="https://infosec.exchange/tags/APT42" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT42</span></a>, or <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a>.</p><p>"The group's appearance in the U.S. election is noteworthy, sources told <span class="h-card" translate="no"><a href="https://press.coop/@Reuters" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Reuters</span></a></span>, because of their invasive <a href="https://infosec.exchange/tags/espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>espionage</span></a> approach against high-value targets in Washington and Israel."</p><p>Read the article for insights from Joshua Miller of Proofpoint and other experts: <a href="https://www.reuters.com/world/trump-campaigns-iranian-hackers-have-dangerous-history-deep-expertise-2024-08-23/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reuters.com/world/trump-campai</span><span class="invisible">gns-iranian-hackers-have-dangerous-history-deep-expertise-2024-08-23/</span></a></p>
The Threat Codex<p>Cyclops: a likely replacement for BellaCiao<br><a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://infosec.exchange/tags/BellaCiao" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BellaCiao</span></a> <a href="https://infosec.exchange/tags/Cyclops" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyclops</span></a> <br><a href="https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">harfanglab.io/insidethelab/cyc</span><span class="invisible">lops-replacement-bellaciao/</span></a></p>
Ivan Kwiatkowski<p>Our team just released a report on <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a>/#APT35: <a href="https://harfanglab.io/insidethelab/cyclops-replacement-bellaciao/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">harfanglab.io/insidethelab/cyc</span><span class="invisible">lops-replacement-bellaciao/</span></a></p><p>We discovered a new malware family called Cyclops, written in Go. It launches a local web server which exposes a REST API used to control the malware. The port is forwarded to the C2 via SSH.</p><p>We believe Cyclops was developed as a replacement for the (burnt) BellaCiao implant.<br>There seem to be very few samples in existence and we'd be curious to know if anyone else can find some. Suspected area of activity is the Middle-East since December 2023.</p><p>Reverse-engineering was a challenge due to the malware expecting marshalled objects from the network. How do you figure out their expected structure with Golang when there's no constructor? If there's any interest, I may write a separate blog post or thread on the subject.</p><p>IOCs and more in the full post. Enjoy!</p>
Tarnkappe.info<p>📬 The silent danger: how APT groups infiltrate companies<br><a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Datenschutz</span></a> <a href="https://social.tchncs.de/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSicherheit</span></a> <a href="https://social.tchncs.de/tags/AdvancedPersistentThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AdvancedPersistentThreats</span></a> <a href="https://social.tchncs.de/tags/APTGruppe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APTGruppe</span></a> <a href="https://social.tchncs.de/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://social.tchncs.de/tags/FancyBear" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FancyBear</span></a> <a href="https://social.tchncs.de/tags/Lazarus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lazarus</span></a> <a href="https://social.tchncs.de/tags/SolarWinds" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SolarWinds</span></a> <a href="https://sc.tarnkappe.info/db4898" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sc.tarnkappe.info/db4898</span><span class="invisible"></span></a></p>
Just Another Blue Teamer<p>Happy Thursday everyone!</p><p>The Volexity team share their findings from a recent incident that involved the APT known as <a href="https://ioc.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> (aka <a href="https://ioc.exchange/tags/CharmingCypress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingCypress</span></a>) and what lengths this group went to in order to make their attack look as convincing as possible. The Volexity team also shared technical details about the malware that was used, specific commands seen, and TTPs used. Enjoy and Happy Hunting!</p><p>CharmingCypress: Innovating Persistence<br><a href="https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">volexity.com/blog/2024/02/13/c</span><span class="invisible">harmingcypress-innovating-persistence/</span></a></p><p>As always, I don't want to leave you empty-handed! 
So take this Community Hunt Package from Cyborg Security to help you identify discovery behavior from adversaries!</p><p>Excessive Windows Discovery and Execution Processes - Potential Malware Installation<br><a href="https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">volexity.com/blog/2024/02/13/c</span><span class="invisible">harmingcypress-innovating-persistence/</span></a></p><p><a href="https://ioc.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://ioc.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://ioc.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://ioc.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeam</span></a> <a href="https://ioc.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://ioc.exchange/tags/ThreatHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatHunting</span></a> <a href="https://ioc.exchange/tags/ThreatDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatDetection</span></a> <a href="https://ioc.exchange/tags/HappyHunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HappyHunting</span></a> <a href="https://ioc.exchange/tags/readoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>readoftheday</span></a> <a href="https://ioc.exchange/tags/huntoftheday" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>huntoftheday</span></a> <a 
href="https://ioc.exchange/tags/gethunting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gethunting</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🌪️ Mint Sandstorm: Sophisticated Phishing Campaign Unleashed by APT35 🚨"</p><p>Microsoft's security blog reveals an intricate phishing campaign, "Mint Sandstorm," by the subgroup PHOSPHORUS (also known as APT35 and Charming Kitten), linked to Iran's Islamic Revolutionary Guard Corps. This campaign targets individuals in universities and research organizations involved in Middle Eastern affairs across various countries. Unique tactics include bespoke phishing lures, using compromised legitimate email accounts, and deploying custom backdoors like MediaPl and MischiefTut. These tools allow for encrypted communications, reconnaissance, and persistence in target environments. Microsoft suggests using Attack Simulator in Defender for Office 365, enabling SmartScreen on browsers, and activating cloud-delivered protection to mitigate risks.</p><p><a href="https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/" rel="nofollow noopener" target="_blank">Microsoft's security blog</a></p><p>Tags: <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/APT35" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT35</span></a> <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://infosec.exchange/tags/MintSandstorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MintSandstorm</span></a> <a href="https://infosec.exchange/tags/MicrosoftSecurity" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>MicrosoftSecurity</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a></p><p><a href="https://attack.mitre.org/groups/G0087/" rel="nofollow noopener" target="_blank">Mitre - APT35</a></p>
Geeky Malcölm 🇨🇦<p>Iran's <a href="https://ioc.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> Pounces on Israeli <a href="https://ioc.exchange/tags/Exchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exchange</span></a> Servers</p><p><a href="https://www.darkreading.com/dr-global/irans-charming-kitten-israeli-exchange-servers" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/dr-global/iran</span><span class="invisible">s-charming-kitten-israeli-exchange-servers</span></a></p>
🛡 H3lium@infosec.exchange/:~# :blinking_cursor:​<p>"🔍 Charming Kitten Strikes with 'Sponsor' Malware! 🕵️"<br>The notorious APT group 'Charming Kitten' (also known as Phosphorus, TA453, APT35/42) has unveiled a new backdoor malware named 'Sponsor'. This malware has already targeted 34 global companies. Stay vigilant! 🌍🔥</p><p>A nation-state threat actor, known by various aliases including 'Charming Kitten,' 'Phosphorus,' 'TA453,' and 'APT35/42,' has recently executed a sophisticated cyber campaign using a previously undisclosed backdoor malware named 'Sponsor.' ESET researchers have identified this campaign, which targeted 34 companies worldwide between March 2021 and June 2022, encompassing government and healthcare organizations, financial services, engineering, manufacturing, technology, law, telecommunications, and more. The primary targets were located in Israel, Brazil, and the United Arab Emirates.</p><p><strong>Key Findings:</strong></p><ol><li><p><strong>Concealed Configuration Files:</strong> The 'Sponsor' backdoor is notable for its ability to hide configuration files on the victim's system, making it stealthy and difficult to detect. 
These files are deployed discreetly through malicious batch scripts.</p></li><li><p><strong>Initial Access via Microsoft Exchange Vulnerability:</strong> The threat actor primarily exploited the CVE-2021-26855 vulnerability in Microsoft Exchange to gain initial access to targeted networks.</p></li><li><p><strong>Tool Usage:</strong> Charming Kitten utilized various open-source tools for data exfiltration, system monitoring, network infiltration, and maintaining access to compromised computers.</p></li><li><p><strong>Payload Deployment:</strong> Prior to deploying the 'Sponsor' backdoor, the attackers dropped batch files on specific file paths, creating seemingly innocuous files named config.txt, node.txt, and error.txt to avoid arousing suspicion.</p></li><li><p><strong>Functionality of 'Sponsor' Backdoor:</strong> 'Sponsor' is a C++ backdoor that establishes a service upon launch based on instructions from the configuration file. The configuration file contains encrypted command and control (C2) server addresses, C2 contacting intervals, and the RC4 decryption key. The malware collects system information and sends it to the C2, receiving a unique node ID in return. 
It then enters a loop to receive and execute commands from the C2, including process ID reporting, command execution, file retrieval and execution, and more.</p></li><li><p><strong>Disguised Second Version:</strong> ESET identified a second version of 'Sponsor' with code optimizations and camouflage features, making it appear as an updater tool.</p></li><li><p><strong>Indicators of Compromise (IOCs):</strong> Although the IP addresses used in this campaign are no longer active, ESET has shared comprehensive IOCs to assist in defending against potential future threats that may reuse the tools or infrastructure deployed by Charming Kitten.</p></li></ol><p>Organizations worldwide, particularly those in the targeted sectors and regions, should remain vigilant and ensure their cybersecurity defenses are up-to-date and capable of detecting advanced threats like 'Sponsor' used by nation-state actors like Charming Kitten. Regular patching and network monitoring are essential to mitigate such cyber risks.</p><p>Source: <a href="https://www.bleepingcomputer.com/news/security/iranian-hackers-backdoor-34-orgs-with-new-sponsor-malware/" rel="nofollow noopener" target="_blank">BleepingComputer.com</a><br><a href="https://attack.mitre.org/groups/G0059/" rel="nofollow noopener" target="_blank">Mitre - Charming Kitten</a><br>Tags: <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://infosec.exchange/tags/SponsorMalware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SponsorMalware</span></a> <a href="https://infosec.exchange/tags/CyberAttack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberAttack</span></a></p>
Freemind<p>Sponsor, written in C++, is designed to gather crucial information from the compromised host and execute instructions received from the attackers’ remote server.</p><p><a href="https://mastodon.online/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.online/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://mastodon.online/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> <a href="https://mastodon.online/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a></p><p><a href="https://cybersec84.wordpress.com/2023/09/11/iranian-threat-actor-charming-kitten-launches-new-attack-campaign-targeting-brazil-israel-and-uae/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybersec84.wordpress.com/2023/</span><span class="invisible">09/11/iranian-threat-actor-charming-kitten-launches-new-attack-campaign-targeting-brazil-israel-and-uae/</span></a></p>
Tarnkappe.info<p>📬 Espionage on the internet: Verfassungsschutz warns of Charming Kitten<br><a href="https://social.tchncs.de/tags/Cyberangriffe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberangriffe</span></a> <a href="https://social.tchncs.de/tags/Geheimdienste" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Geheimdienste</span></a> <a href="https://social.tchncs.de/tags/Bundesverfassungsschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bundesverfassungsschutz</span></a> <a href="https://social.tchncs.de/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://social.tchncs.de/tags/CyberSpionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSpionage</span></a> <a href="https://social.tchncs.de/tags/Cyberabwehr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberabwehr</span></a> <a href="https://social.tchncs.de/tags/DrMansourSohrabi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DrMansourSohrabi</span></a> <a href="https://social.tchncs.de/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> <a href="https://social.tchncs.de/tags/JadranMesic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JadranMesic</span></a> <a href="https://social.tchncs.de/tags/MikeHart" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MikeHart</span></a> <a href="https://tarnkappe.info/artikel/cyberangriff/spionage-im-internet-verfassungsschutz-warnt-vor-charming-kitten-279835.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tarnkappe.info/artikel/cyberan</span><span class="invisible">griff/spionage-im-internet-verfassungsschutz-warnt-vor-charming-kitten-279835.html</span></a></p>
Marcel SIneM(S)US<p>Verfassungsschutz: Iranian hackers want to spy on regime critics in this country | heise online <a href="https://www.heise.de/news/Verfassungsschutz-Iranische-Hacker-wollen-Regimekritiker-hierzulande-ausspaehen-9240674.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Verfassungsschut</span><span class="invisible">z-Iranische-Hacker-wollen-Regimekritiker-hierzulande-ausspaehen-9240674.html</span></a> <a href="https://social.tchncs.de/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://social.tchncs.de/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberCrime</span></a> <a href="https://social.tchncs.de/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://social.tchncs.de/tags/SocialEngineneering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialEngineneering</span></a> <a href="https://social.tchncs.de/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> 🇮🇷 <a href="https://social.tchncs.de/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a></p>
Anonymous Germany<p>According to findings of the Bundesamt für <a href="https://social.tchncs.de/tags/Verfassungsschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Verfassungsschutz</span></a> (<a href="https://social.tchncs.de/tags/BfV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BfV</span></a>), concrete spying attempts by the <a href="https://social.tchncs.de/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> group <a href="https://social.tchncs.de/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> against Iranian individuals and organizations in Germany must be assumed since the end of 2022.</p><p>In particular, in its "Cyber-Brief Nr. 01/2023" of 10 August 23, the BfV warns of <a href="https://social.tchncs.de/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> attacks against <a href="https://social.tchncs.de/tags/Dissidenten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dissidenten</span></a> (dissident) organizations and individuals, such as lawyers, journalists or <a href="https://social.tchncs.de/tags/Menschenrechtsaktivisten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Menschenrechtsaktivisten</span></a> (human rights activists), inside and outside <a href="https://social.tchncs.de/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>.</p><p><a href="https://www.verfassungsschutz.de/SharedDocs/kurzmeldungen/DE/2023/2023-08-10-cyber-brief-01-2023.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">verfassungsschutz.de/SharedDoc</span><span class="invisible">s/kurzmeldungen/DE/2023/2023-08-10-cyber-brief-01-2023.html</span></a></p>
Volexity :verified:<p>From the <span class="h-card"><a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>volexity</span></a></span> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> team: this blog post details <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a>'s POWERSTAR malware, now with an InterPlanetary twist... Read more: <a href="https://www.volexity.com/blog/2023/06/28/charming-kitten-updates-powerstar-with-an-interplanetary-twist/" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">volexity.com/blog/2023/06/28/c</span><span class="invisible">harming-kitten-updates-powerstar-with-an-interplanetary-twist/</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a></p>
Tarnkappe.info<p>📬 PowerLess: malware now also goes after Telegram data<br><a href="https://social.tchncs.de/tags/Cyberangriffe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberangriffe</span></a> <a href="https://social.tchncs.de/tags/Kurznotiert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kurznotiert</span></a> <a href="https://social.tchncs.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.tchncs.de/tags/APT35" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT35</span></a> <a href="https://social.tchncs.de/tags/APT42" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT42</span></a> <a href="https://social.tchncs.de/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://social.tchncs.de/tags/CheckPointResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CheckPointResearch</span></a> <a href="https://social.tchncs.de/tags/EducatedManticore" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EducatedManticore</span></a> <a href="https://social.tchncs.de/tags/MintSandstorm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MintSandstorm</span></a> <a href="https://social.tchncs.de/tags/Phosphorus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phosphorus</span></a> <a href="https://social.tchncs.de/tags/PowerLess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerLess</span></a> <a href="https://social.tchncs.de/tags/TA453" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TA453</span></a> <a href="https://social.tchncs.de/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telegram</span></a> <a 
href="https://tarnkappe.info/artikel/it-sicherheit/malware/powerless-malware-hat-es-jetzt-auch-auf-telegram-daten-abgesehen-273696.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tarnkappe.info/artikel/it-sich</span><span class="invisible">erheit/malware/powerless-malware-hat-es-jetzt-auch-auf-telegram-daten-abgesehen-273696.html</span></a></p>
dispatch<p>Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware <a href="https://www.tripwire.com/state-of-security/charming-kitten-targets-critical-infrastructure-us-and-elsewhere-bellaciao" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">tripwire.com/state-of-security</span><span class="invisible">/charming-kitten-targets-critical-infrastructure-us-and-elsewhere-bellaciao</span></a> <a href="https://ioc.exchange/tags/criticalinfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>criticalinfrastructure</span></a> <a href="https://ioc.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://ioc.exchange/tags/Guestblog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Guestblog</span></a> <a href="https://ioc.exchange/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://ioc.exchange/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a></p>
securityaffairs<p>Iranian <a href="https://infosec.exchange/tags/CharmingKitten" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CharmingKitten</span></a> <a href="https://infosec.exchange/tags/APT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>APT</span></a> used a new <a href="https://infosec.exchange/tags/BellaCiao" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BellaCiao</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> in recent wave of attacks<br><a href="https://securityaffairs.com/145354/malware/iran-charming-kitten-bellaciao.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/145354/mal</span><span class="invisible">ware/iran-charming-kitten-bellaciao.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a></p>