Overview: APT35, also known as Charming Kitten, Newscaster, or Mint Sandstorm, conducts long-term, resource-intensive operations to collect strategic intelligence.

Suspected Attribution: Iranian government-sponsored cyber espionage team

Target Sectors: U.S., Western European, and Middle Eastern military, diplomatic, and government personnel; organizations in the media, energy, and defense industrial base; and the engineering, business services, and telecommunications sectors.

Attack Vectors: APT35 typically relies on spearphishing to initially compromise an organization, often using lures related to health care, job postings, resumes, or password policies. The group employs marginally sophisticated tools, including publicly available webshells and penetration testing tools. However, the breadth and scope of APT35's operations indicate that the group is well resourced in other areas.

Associated Malware: ASPXSHELLSV, BROKEYOLK, PUPYRAT, TUNNA, MANGOPUNCH, DRUBOT, HOUSEBLEND
