Cyber Threat Report: 'CharmingCypress: Innovating Persistence'

Report Author	Volexity
Publication Date	2024-02-15
Original Reporting	Source
Attributed to Nation	Iran
Related Intrusion Sets	CharmingCypress
Victim Sectors	Education, Non Profit

This report by Volexity outlines campaigns conducted by the actor they call CharmingCypress (aka Charming Kitten). The report describes targeting of journalists, activists, academics and policy experts using a combination of intense surveillance and social engineering before deploying malware. Malware analyzed in the report includes: NOKNOK, POWERLESS and BASICSTAR.

Cyber Threat Graph Context

Explore how this report relates to the wider threat graph

Mitigations to defend against the techniques in this report

Execution Prevention

Block execution of code on a system through application control, and/or script blocking.

User Account Management

Manage the creation, modification, use, and permissions associated to user accounts.

Identified MITRE ATT&CK Techniques

ATT&CK ID	Title	Associated Tactics
T1547.004	Winlogon Helper DLL	Persistence, Privilege Escalation