 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: GreenCharlie| Names | GreenCharlie (Recorded Future) | |
| Country |  Iran | |
| Sponsor | State-sponsored, Islamic Revolutionary Guard Corps (IRGC) | |
| Motivation | Information theft and espionage | |
| First seen | 2020 | |
| Description | (Recorded Future) In August 2024, open sources revealed that US political campaign officials and affiliates were targeted as part of Mint Sandstorm and APT 42 operations. In this report, we discuss threat activity associated with the Iran-nexus group we track as GreenCharlie, which overlaps with Magic Hound, APT 35, Cobalt Illusion, Charming Kitten. Recorded Future has tracked Iran-linked GreenCharlie activity and malicious infrastructure since 2020. Our global Network Intelligence capability has allowed us to identify and track a large and rapidly evolving cluster of infrastructure used to support GreenCharlie cyber-espionage campaigns. Now, we have been able to link this network to the recent targeting of US political campaigns. | |
| Observed | Countries: USA. | |
| Tools used | GORBLE, NOKNOK, POWERSTAR, TAMECAT. | |
| Information | <https://go.recordedfuture.com/hubfs/reports/cta-ir-2024-0820.pdf> | |
Last change to this card: 23 October 2024
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |