Newscaster

Threat Actor updated 6 months ago (2024-05-04T19:19:25.008Z)
Download STIX
Preview STIX
APT35, also known as Newscaster Team, is an Iranian government-sponsored cyber espionage group that conducts extensive operations to gather strategic intelligence. The group, which has been active since at least 2014, has been linked to a series of advanced persistent threat (APT) campaigns targeting various entities globally. Known by multiple names such as Charming Kitten, Phosphorus, Ajax Security Team, and TA453, the group has recently been dubbed Mint Sandstorm in Microsoft's updated threat actor naming taxonomy. The group has employed sophisticated tactics and tools in its operations. Volexity, a security firm, observed the group using an updated version of the PowerShell backdoor POWERSTAR in a spear-phishing campaign. ESET researchers have also reported a series of attacks conducted by the group, targeting entities in Brazil, Israel, and the United Arab Emirates. Notably, these attacks involve the use of targeted messages to victims with the aim of stealing login credential information. Newscaster's activities are primarily aimed at intelligence gathering, with potential applications ranging from supporting the development of weapon systems to gaining insight into U.S. military disposition or negotiations between Iran and the U.S. This was highlighted in a 2014 report by iSight, which described an elaborate net-based spying campaign organized by Iranian hackers using social media. Given the ongoing nature of Newscaster's activities and their potential implications for global security, it is crucial to continue monitoring and combating this threat actor.
Description last updated: 2024-05-04T18:24:00.888Z
What's your take? (Question 1 of 3)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
APT35 is a possible alias for Newscaster. APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage group. The group focuses on long-term, resource-intensive operations to collect strategic intelligence. They primarily target sectors in the U.S., Western Europe, and the
3
Charming Kitten is a possible alias for Newscaster. Charming Kitten, also known as APT42, Storm-2035, Damselfly, Mint Sandstorm, TA453, and Yellow Garuda, is a threat actor linked to Iran that has been involved in various cyberattacks targeting entities in Brazil, Israel, and the U.A.E. using a new backdoor. This group has been implicated in sophisti
2
Phosphorus is a possible alias for Newscaster. Phosphorus, also known as APT35 or Charming Kitten, is a prominent threat actor linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group is notorious for its cyberespionage activities and has been actively targeting high-profile individuals involved in Middle Eastern affairs at univ
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Newscaster Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more