ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > GreenCharlie

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: GreenCharlie

NamesGreenCharlie (Recorded Future)
CountryIran Iran
SponsorState-sponsored, Islamic Revolutionary Guard Corps (IRGC)
MotivationInformation theft and espionage
First seen2020
Description(Recorded Future) In August 2024, open sources revealed that US political campaign officials and affiliates were targeted as part of Mint Sandstorm and APT 42 operations. In this report, we discuss threat activity associated with the Iran-nexus group we track as GreenCharlie, which overlaps with Magic Hound, APT 35, Cobalt Illusion, Charming Kitten. Recorded Future has tracked Iran-linked GreenCharlie activity and malicious infrastructure since 2020. Our global Network Intelligence capability has allowed us to identify and track a large and rapidly evolving cluster of infrastructure used to support GreenCharlie cyber-espionage campaigns. Now, we have been able to link this network to the recent targeting of US political campaigns.
ObservedCountries: USA.
Tools usedGORBLE, NOKNOK, POWERSTAR, TAMECAT.
Information<https://go.recordedfuture.com/hubfs/reports/cta-ir-2024-0820.pdf>

Last change to this card: 23 October 2024

Download this actor card in PDF or JSON format

Previous: Grayling
Next: Group5

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]