CharmingCypress
| Actor Type | Nation State |
|---|---|
| Attributed to Nation | Iran |
| Directly Linked Intrusion Sets | Mint Sandstorm , Charming Kitten , APT35 , PHOSPHORUS |
CharmingCypress is an intrusion set tracked by Volexity and attributed to Iran - showing overlaps with Charming Kitten / APT42 / TA453. Volexity researchers assess that CharmingCypress is tasked with collecting political intelligence against foreign targets with a particular focus on think tanks, NGOs and journalists.
Cyber Threat Graph Context
Explore how this Intrusion Set relates to the wider threat graph
CharmingCypress Threat Reports
Report
CharmingCypress: Innovating Persistence
This report by Volexity outlines campaigns conducted by the actor they call CharmingCypress (aka Charming Kitten). The report describes targeting ...
References
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1547.004 | Winlogon Helper DLL | Persistence, Privilege Escalation |