Charming Kitten APT35 Espionage Apparatus Revealed

Cyber Security News by CyberSum.net

Published on October 9, 2025 at 03:01 AM

3 sources

CloudSEK’s TRIAD unit has uncovered internal operational materials revealing Charming Kitten (APT35), an espionage apparatus linked to a governmental entity. The leak includes over 100 Persian-language files marked with specific calendar dates, highlighting a complex structure with specialized roles. The group uses various tactics, including SQL injection, malware development, and infrastructure exploitation. They rapidly weaponize vulnerabilities and employ web shells and obfuscated DLL payloads to bypass security solutions. Social engineering, phishing, and smishing are core components of their campaigns, targeting legal, academic, and governmental sectors across multiple regions.

Also Read

Spear-Phishing Campaign Targets Automobile and E-commerce Industries

Researchers at SEQRITE Labs have uncovered a targeted spear-phishing campaign aimed at organizations in the automobile and e-commerce industries. The operation, active since early October 2025, deploys a previously undocumented .NET-based backdoor dubbed CAPI, designed for credential theft, system reconnaissance, and persistent access. The attack chain uses tax-related decoy documents to lure employees and executes the payload through rundll32.exe, a legitimate Windows binary, to evade detection. The infection begins with a malicious ZIP archive named Payroll Recalculation as of October 1, 2025. Inside the ZIP, analysts found both LNK and PDF files, a common spear-phishing tactic to disguise executable payloads as legitimate business documents.

By Cyber Security News by CyberSum.netOctober 20, 2025 at 06:00 AM