Newscaster

Threat Actor updated 4 months ago (2024-05-04T19:19:25.008Z)
APT35, also known as Newscaster Team, is an Iranian government-sponsored cyber espionage group that conducts extensive operations to gather strategic intelligence. The group, which has been active since at least 2014, has been linked to a series of advanced persistent threat (APT) campaigns targeting various entities globally. Known by multiple names such as Charming Kitten, Phosphorus, Ajax Security Team, and TA453, the group has recently been dubbed Mint Sandstorm in Microsoft's updated threat actor naming taxonomy.

The group has employed sophisticated tactics and tools in its operations. Volexity, a security firm, observed the group using an updated version of the PowerShell backdoor POWERSTAR in a spear-phishing campaign. ESET researchers have also reported a series of attacks conducted by the group, targeting entities in Brazil, Israel, and the United Arab Emirates. Notably, these attacks involve the use of targeted messages to victims with the aim of stealing login credential information.

Newscaster's activities are primarily aimed at intelligence gathering, with potential applications ranging from supporting the development of weapon systems to gaining insight into U.S. military disposition or negotiations between Iran and the U.S. This was highlighted in a 2014 report by iSight, which described an elaborate net-based spying campaign organized by Iranian hackers using social media. Given the ongoing nature of Newscaster's activities and their potential implications for global security, it is crucial to continue monitoring and combating this threat actor.
Description last updated: 2024-05-04T18:24:00.888Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
| ID | Votes | Profile Description |
| --- | --- | --- |
| APT35 | 3 | APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage group. The group focuses on long-term, resource-intensive operations to collect strategic intelligence. They primarily target sectors in the U.S., Western Europe, and the |
| Charming Kitten | 2 | Charming Kitten, also known as APT42, Storm-2035, Damselfly, Mint Sandstorm, TA453, and Yellow Garuda, is an Iranian threat actor group that has been linked to various cyber attacks. It has targeted entities in Brazil, Israel, and the United Arab Emirates using a new backdoor, as revealed by securit |
| Phosphorus | 2 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Source Document References
Information about the Newscaster Threat Actor was read from the documents corpus below.
| Source | Created At | Title |
| --- | --- | --- |
| CERT-EU | a year ago | Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor |
| Securityaffairs | a year ago | Charming Kitten APT is targeting Iranian dissidents in Germany |
| Securityaffairs | a year ago | Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor |
| MITRE | 2 years ago | Newscaster Threat Uses Social Media for Intelligence Gathering |
| MITRE | 2 years ago | Advanced Persistent Threats (APTs) \| Threat Actors & Groups |
| CERT-EU | a year ago | Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure |
| Securityaffairs | a year ago | Charming Kitten used a new BellaCiao malware in recent wave of attacks |
| CERT-EU | a year ago | Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware |