One of the safe houses of the IRGC Cyber Division HQ on Malekloo Street, Tehran, opposite Iran University of Science and Technology, was hit by a US and Israeli missile strike today
This is the same facility from which Seyyed Ali Aghamiri, Yaser Balaghi, and Masoud Jalili launched phishing attacks.
Two years ago I had published this video. On March 4th, this target in Tehran was struck with a missile.
😎
Sadly, I informed all authorities including DuckDNS in December, but they didn't take it seriously and still haven't shut down either the server or the DuckDNS infrastructure.
Salary and wage report for members of the Charming Kitten (#APT35) cyber group in May 2025 based on current exchange rates. This report represents the operational costs of cyber operations against journalists, human rights activists, and political activists in Iran.
New from the Charming Kitten #APT35 leak: Payroll records exposing 35 IRGC cyber operatives with names, bank accounts, and salaries. Additional footage of the Kashef surveillance platform tracking Iranian citizens. And a classified 2004 document... blog.narimangharib.com/posts/2025%2...
#CK 194[.]76[.]226[.]226
The Ministry of Intelligence of the Islamic Republic's cyber group "Banished Kitten", which is operating under the name "Handala", has gained access to Suvarnabhumi Airport (BKK). blog.narimangharib.com/posts/2025%2...
NEW: Europol shut down Cryptomixer, a crypto service alleged to have facilitated the laundering of 1.3 billion euros since 2016.
Service was allegedly used by cybercriminals, drug and weapons traffickers, and ransomware gangs.
techcrunch.com/2025/12/01/e...
Today I am presenting the call logs from #APT35's IRGC-IO official VoIP services. This exclusive information was previously detailed in episode 4 of the KittenBusters series.
- files.narimangharib.com/other/FanapT...
- files.narimangharib.com/other/Custom...
new blog post on #APT35 blog.narimangharib.com/posts/2025%2...
Exposing the identity of "Unit 40" managers of IRGC intelligence;
Tehran's largest espionage intelligence database #APT35 #CharmingKitten
content.iranintl.com/unit40/index...
Are you ready? Wait for new updates from the kittens. 😆
KittenBusters leaked #APT35 infrastructure docs. Using leaked passwords, I accessed their Edis Global accounts & downloaded invoices. They used phone numbers from Russia, Israel & Netherlands with fake addresses, paying via crypto. files.narimangharib.com/other/CK%20-...
😀
New Charming Kitten APT35 leak shows their entire budget. Bitcoin payments for domains and hosting, ProtonMail accounts (still active, I checked), Iranian shell companies, the whole operation running on maybe $10k.
Ravin Academy confirmed the breach and published a statement.
Group-IB Threat Intelligence uncovered a sophisticated phishing campaign orchestrated by the Advanced Persistent Threat (APT) MuddyWater, targeting international organizations worldwide to gather foreign intelligence. www.group-ib.com/blog/muddywa... #RavinAcademy
A comprehensive database containing complete registration records of Ravin Academy students has been obtained by me, revealing detailed personal information of individuals enrolled in the organization's training programs.
blog.narimangharib.com/posts/2025%2...
BellaCiao was developed at Tehran's Shuhada base. Moses Staff & Sahyoun24 weren't independent—all run by the same IRGC unit. MORE... blog.narimangharib.com/posts/2025%2... #APT35
t.me/narimangharib
Breaking News: Iranian Advanced Persistent Threat Group #APT35 Has Been Compromised, with Internal Documents Leaked Online
blog.narimangharib.com/posts/2025%2...
