Campaign of the month

Learn about the latest cyber attacks and vulnerabilities in our monthly Campaigns.

Unmasking APT35: Defend your organization against their constantly upgraded playbook

APT35 (also known as Charming Kitten, Phosphorus, Newscaster, and more) is an Iranian state-sponsored cyber-espionage group that primarily targets governmental organizations, defense contractors, research institutions, and human rights activists.

The group’s attacks combine a range of tactics, techniques, and procedures (TTPs), chiefly spear-phishing, social engineering, and malware deployment, to harvest credentials and exfiltrate data from its targets.

In this month’s campaign, we feature a spotlight providing a deep-dive into APT35’s advanced capabilities, its attack history, the TTPs it uses, and defense tips for protecting organizations against emerging threats.


Overview of APT35

APT35 has been operational since at least 2011, engaging in intelligence gathering and stealing sensitive information.

Organizations should be aware of and learn about APT35 due to the group’s advanced capabilities and potential to inflict significant damage on targeted entities. As an Iranian state-sponsored threat actor, APT35 has access to considerable resources and expertise, enabling it to conduct highly targeted and effective cyber-espionage campaigns.

Understanding the tactics, techniques, and procedures employed by APT35 can help organizations bolster their cyber defenses and minimize the risk of falling victim to such attacks. Familiarity with the group is especially important for organizations operating in sensitive sectors or regions, as it allows them to keep up with emerging threats and better protect their valuable assets, intellectual property, and confidential information.

[Infographic: overview of the APT35 threat group’s attack flow and tactics]

How to mitigate APT35 attacks

APT35’s attacks are primarily focused on gathering intelligence and espionage activities.

To protect against such attacks, organizations can implement a multi-layered defense strategy that includes network segmentation, intrusion detection and prevention systems, anti-virus software, and two-factor authentication. Because the group relies heavily on spear-phishing and social engineering, prefer phishing-resistant factors such as hardware security keys over codes that a user can be tricked into entering on a fake login page. It is also important to regularly update software and systems to patch vulnerabilities and to train employees on how to detect and report suspicious activity.

There are many defensive measures that can help against such attacks. Here are a few:

  • Advanced threat detection and response solutions
  • Policies and procedures
  • Vendor risk management program
  • Monitoring for reused tools and infrastructure
  • Focusing on the static approach

Access the full spotlight above to learn everything you need to know about APT35 and how to defend your organization against their constantly upgraded playbook.