Charming Kitten is a apt_group tracked across 12 threat clusters and 14 intelligence report mentions on ThreatCluster. First observed November 5, 2025; most recent activity May 26, 2026.
Iranian state-aligned hackers, known as Nimbus Manticore (UNC1549), have intensified cyberattacks against the US aviation sector amid the ongoing US-Iran military conflict. Utilizing career-themed phishing and a novel…
Following the outbreak of fighting involving Iran, there has been a significant increase in cyber espionage activities targeting governments and diplomatic missions across the Middle East. Research from Proofpoint…
North Korea's cyber program has transitioned to a modular malware strategy, moving away from monolithic malware families to a more fragmented ecosystem. This change is a response to years of international sanctions, law…
On March 11, 2026, New York Governor Kathy Hochul announced new cybersecurity regulations for drinking water and wastewater facilities, following a previous announcement in summer 2025. These regulations, described as…
A coordinated cyber attack targeting Iran has been attributed to Advanced Persistent Threats (APTs) and hacktivist proxies. These groups, often state-funded, are known for executing sophisticated attacks on critical…
Between June and August 2025, a previously unidentified Iranian cyber actor, dubbed UNK_SmudgedSerpent, conducted targeted phishing attacks against US academics and foreign policy experts. The campaign aimed to steal…
The RedKitten campaign has emerged, utilizing AI-driven malware to target individuals and organizations monitoring human rights violations during the Dey 1404 protests in Iran. Discovered by HarfangLab, the campaign…
A massive leak has revealed the operations of Iran's elite cyber unit, Charming Kitten, which is linked to the Revolutionary Guards. The leak includes details about the unit's hacking infrastructure and attempts to…
The Iranian state-backed group Charming Kitten, also known as APT35, has leaked internal files revealing key personnel, front companies, and thousands of compromised systems across five continents. The leak indicates…
Between June and August 2025, the Iranian-linked APT UNK_SmudgedSerpent conducted targeted phishing campaigns against US academics and foreign policy experts. The group employed techniques such as credential theft and…