Newscaster

Threat Actor Profile Updated 3 months ago
APT35, also known as Newscaster Team, is an Iranian government-sponsored cyber espionage group that conducts extensive operations to gather strategic intelligence. The group, which has been active since at least 2014, has been linked to a series of advanced persistent threat (APT) campaigns targeting various entities globally. Known by multiple names such as Charming Kitten, Phosphorus, Ajax Security Team, and TA453, the group has recently been dubbed Mint Sandstorm in Microsoft's updated threat actor naming taxonomy.

The group has employed sophisticated tactics and tools in its operations. Volexity, a security firm, observed the group using an updated version of the PowerShell backdoor POWERSTAR in a spear-phishing campaign. ESET researchers have also reported a series of attacks conducted by the group, targeting entities in Brazil, Israel, and the United Arab Emirates. Notably, these attacks involve the use of targeted messages to victims with the aim of stealing login credential information.

Newscaster's activities are primarily aimed at intelligence gathering, with potential applications ranging from supporting the development of weapon systems to gaining insight into U.S. military disposition or negotiations between Iran and the U.S. This was highlighted in a 2014 report by iSight, which described an elaborate net-based spying campaign organized by Iranian hackers using social media. Given the ongoing nature of Newscaster's activities and their potential implications for global security, it is crucial to continue monitoring and combating this threat actor.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
APT35 | 3 | APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage group. The group focuses on long-term, resource-intensive operations to collect strategic intelligence. They primarily target sectors in the U.S., Western Europe, and the
Charming Kitten | 2 | Charming Kitten, an Iranian Advanced Persistent Threat (APT) group, also known as ITG18, Phosphorous, and TA453, is a significant cybersecurity threat. This threat actor has been associated with numerous malicious activities, exhibiting advanced and sophisticated social-engineering efforts. The grou
Phosphorus | 2 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
TA453 | 1 | TA453, also known as Charming Kitten, APT35, Phosphorus, and Ballistic Bobcat, is a threat actor attributed to the Iranian government. This group has been involved in numerous cyber espionage campaigns against various entities worldwide, with notable incidents involving an attack on a close affiliat
Mint Sandstorm | 1 | Mint Sandstorm, an Iranian nation-state threat actor also known as APT35 and Charming Kitten, has been identified by Microsoft as a significant cybersecurity concern. The group is linked to Iran's Islamic Revolutionary Guard Corps and is known for its sophisticated cyber campaigns targeting high-val
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Espionage
Phishing
Backdoor
Microsoft’s
Microsoft
Associated Malware
ID | Type | Votes | Profile Description
Powerstar | Unspecified | 1 | Powerstar is a malicious software (malware) deployed by the Iranian Advanced Persistent Threat (APT) group known as Charming Kitten, also referred to as APT35, Mint Sandstorm, Cobalt Illusion, and Yellow Garuda. This malware was used in a series of spear-phishing attacks launched by the group since
Associated Threat Actors
ID | Type | Votes | Profile Description
Ballistic Bobcat | Unspecified | 1 | Ballistic Bobcat, also known as APT35, APT42, Charming Kitten, TA453, and Phosphorus, is a threat actor group believed to be aligned with Iran. The group has been active for several years, developing and deploying a series of backdoor exploits known as Sponsor (versions v1 through v4). Ballistic Bob
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Newscaster Threat Actor was read from the documents corpus below.
Source | Created At | Title
CERT-EU | 10 months ago | Iranian Charming Kitten APT targets various entities in Brazil, Israel, and the U.A.E. using a new backdoor
Securityaffairs | a year ago | Charming Kitten APT is targeting Iranian dissidents in Germany
Securityaffairs | a year ago | Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor
MITRE | a year ago | Newscaster Threat Uses Social Media for Intelligence Gathering
MITRE | a year ago | Advanced Persistent Threats (APTs) | Threat Actors & Groups
CERT-EU | a year ago | Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure
Securityaffairs | a year ago | Charming Kitten used a new BellaCiao malware in recent wave of attacks
CERT-EU | a year ago | Charming Kitten targets critical infrastructure in US and elsewhere with BellaCiao malware