Novel backdoor used in Charming Kitten attacks

Iranian advanced persistent threat operation Charming Kitten, also known as Charming Cypress, Mint Sandstorm, APT35, TA453, and Yellow Garuda, deployed the new BASICSTAR backdoor in attacks against Middle East policy experts between September and October last year, according to The Hacker News.

Charming Kitten leveraged hacked email accounts to impersonate the Rasanah International Institute for Iranian Studies in phishing intrusions that lured targets into joining a fake webinar and facilitated the download of the BASICSTAR malware, which enabled system data exfiltration and remote command execution, a Volexity report showed. Other phishing attacks launched by Charming Kitten distributed the POWERLESS and NOKNOK backdoors, researchers said.

"This threat actor is highly committed to conducting surveillance on their targets in order to determine how best to manipulate them and deploy malware. Additionally, few other threat actors have consistently churned out as many campaigns as CharmingCypress, dedicating human operators to support their ongoing efforts," said researchers.
