New research out from @DomainTools Investigations today!

We took time to pull apart the "Charming Kitten" data dump and analyze it accordingly.

Always fascinating to me how different the threat actor groups can be both domestically and regionally. In APT35's case, much more militarily regimented, versus hybrid "state startup waterfall" or "criminal-state merge blend" setups.

#infosec #cybersecurity #threatintel

dti.domaintools.com/threat-int…

Threat Intelligence Report: APT35 Internal Leak of Hacking Campaigns Against Lebanon, Kuwait, Turkey, Saudi Arabia, Korea, and Domestic Iranian Targets - DomainTools Investigations | DTI

Unmasking APT35 (Charming Kitten). New report analyzes leaked internal documents, revealing their operational profile, Exchange attack chains (ProxyShell, EWS), and quota-driven compromise strategies.

^{DomainTools Investigations | DTI}