Charming Kitten APT Group Uses Innovative Spear-phishing Methods
The Charming Kitten APT group, an Iran-based threat actor, has been using innovative spear-phishing methods to compromise its targets' credentials and systems. Researchers at Volexity have observed the group distributing an updated version of the POWERSTAR backdoor (aka CharmPower). The latest version of POWERSTAR relies on IPFS and publicly accessible cloud hosting for its decryption and configuration details. In its spear-phishing campaign, Charming Kitten poses as a genuine person with a verifiable public profile, initiates contact, and establishes rapport with the target before sending malicious attachments. The POWERSTAR backdoor has multiple features, including remote execution of PowerShell and C# commands and persistence via startup tasks and registry Run keys. Since 2021, Charming Kitten has enhanced the malware to make it harder to detect.

Malware: CharmPower, POWERSTAR, CharmingKitten

[View Article](https://gbhackers.com/charming-kitten-apt-group-2/)