Charming Kitten
| Formation | c. 2004–2007 |
|---|---|
| Type | Advanced persistent threat |
| Purpose | Cyberespionage, cyberwarfare |
| Region | Middle East |
| Methods | Zero-days, spearphishing, malware, social engineering, watering hole |
| Membership | At least 5 |
| Official language | Persian |
| Parent organization | IRGC |
| Affiliations | Rocket Kitten, APT34, APT33 |
| Formerly called | APT35, Turk Black Hat, Ajax Security Team, Phosphorus |
Charming Kitten, also called APT35 (by Mandiant), Phosphorus or Mint Sandstorm (by Microsoft), Ajax Security (by FireEye), and NewsBeef (by Kaspersky), is an Iranian government cyberwarfare group, described by several companies and government officials as an advanced persistent threat (APT).
The United States Cybersecurity and Infrastructure Security Agency (CISA) has identified Charming Kitten as one of several Iranian state-aligned actors that target civil society organizations, including journalists, academics, and human rights defenders, in the United States, Europe, and the Middle East, as part of efforts to collect intelligence, manipulate discourse, and suppress dissent.
The group is known to conduct phishing campaigns that impersonate legitimate organizations and websites, using fake accounts and domains to harvest user credentials.