US attacked by Iranian cyberespionage group

Iranian cyberespionage group Charming Kitten, also known as APT35, TA453, Cobalt Mirage, Phosphorus, NewsBeef, Magic Hound, and Newscaster, has been launching financially motivated attacks against U.S. entities in the last few months, according to SecurityWeek. Secureworks Counter Threat Unit researchers identified that Charming Kitten infiltrated the network of a U.S. philanthropic organization in January using previously secured access. The group then deployed a web shell to drop more files, including dllhost.exe, which facilitates system information gathering and command-and-control server communications. BitLocker was then leveraged to encrypt user workstations at the organization. "This approach suggests a small operation that relies on manual processes to map victims to the encryption keys used to lock their data," said researchers. Charming Kitten also attacked a local U.S. government network in March, although that intrusion did not involve ransomware deployment. "After the March 2022 intrusion was detected and disrupted, no additional malicious activity was observed. CTU researchers have not directly observed ransomware attacks linked to [the activity], but there is evidence that those threat actors may be experimenting with ransomware," researchers added.
