Rainy Day Newsletter #12 (but not 35) - DomainTools Investigations | DTI Explore how agentic AI accelerates threat hunting by 10x, a deep dive into APT35’s internal operations, and B2B2C supply chain attacks in the DTI December newsletter.

The December DTI newsletter is here! ☕️
We’re kicking off 2026 with a recap of last month’s research and our monthly reading list. Read the full briefing: dti.domaintools.com/rainy-day-newsletter-12-...
#Infosec #ThreatIntel #AI #CyberSecurity #APT35

APT35 Sızıntısı: Siber casusluktan fiziksel suikast planlarına Aralık 2025 başı itibarıyla siber güvenlik dünyası, APT grupları özelinde son yıllardaki en büyük sızıntılarından birine tanık oldu. İran Devrim Muhafızları (IRGC) ile doğrudan bağlantılı olduğu bilin...

APT35 Sızıntısı: Siber casusluktan fiziksel suikast planlarına

#apt35 #CharmingKitten #İran #nationstate

webrecord.media/apt35-sizint...

Security researchers uncover unique Apache HTTP response indicators linked to APT-C-35, enhancing detection capabilities against this persistent threat. #CyberSecurity #APT35 #ThreatDetection Link: thedailytechfeed.com/researchers-...

Leaked documents expose the inner workings of Iranian cyber-espionage group Charming Kitten, revealing key personnel and thousands of compromised systems. #CyberSecurity #APT35 #CharmingKitten Link: thedailytechfeed.com/leaked-docum...

Charming Kitten Leak Continues: Payroll Data and a Stolen IAEA Document In my previous analyses of the Charming Kitten leak, I examined the organizational structure, target lists, financial infrastructure, and operational capabiliti...

New from the Charming Kitten #APT35 leak: Payroll records exposing 35 IRGC cyber operatives with names, bank accounts, and salaries. Additional footage of the Kashef surveillance platform tracking Iranian citizens. And a classified 2004 document... blog.narimangharib.com/posts/2025%2...

Newsletter 11 Could Take Forever The title of this month’s newsletter is a deep cut taken from the height of my favorite music genre, the admittedly awkwardly titled “Alternative Music.” What can I say, the 1990s in Seattle were wild, man - you had to be there.

Don't miss this! DTI’s November newsletter covers research exposing two major nation-state operations:
🇨🇳 China's GFW and 🇮🇷 APT35 /Charming Kitten
www.linkedin.com/pulse/newsletter-11-coul...
#Cybersecurity #InfoSec #GreatFirewall #APT35 #China #Iran

Leaked documents expose APT35's cyber espionage tactics targeting Middle Eastern and Asian entities. Stay informed and secure. #CyberSecurity #APT35 #CharmingKitten #CyberEspionage Link: thedailytechfeed.com/leaked-docs-...

Department 40 Exposed: Inside the IRGC Unit Connecting Cyber Ops to Assassinations A massive leak of internal documents has blown the cover off one of Iran's most active hacking groups. For years, the cybersecurity community tracked them as AP...

new blog post on #APT35 blog.narimangharib.com/posts/2025%2...

APT35 Hacker Groups Internal Documents Leak Exposes their Targets and Attack Methods A major 2025 leak exposed APT35’s structured, military-style cyber espionage operations, revealing detailed records and targeting methods.

APT35 Hacker Groups Internal Documents Leak Exposes their Targets and Attack Methods

cybersecuritynews.com/apt35-hacker...

#CyberSecurity #APT35 #OpSec #Iran

افشای هویت مدیران «اداره ۴۰» اطلاعات سپاه؛بزرگترین بانک اطلاعاتی جاسوسی تهران

Exposing the identity of "Unit 40" managers of IRGC intelligence;
Tehran's largest espionage intelligence database #APT35 #CharmingKitten
content.iranintl.com/unit40/index...

KittenBusters leaked #APT35 infrastructure docs. Using leaked passwords, I accessed their Edis Global accounts & downloaded invoices. They used phone numbers from Russia, Israel & Netherlands with fake addresses, paying via crypto. files.narimangharib.com/other/CK%20-...

Part two and three of the leaked Charming Kitten files reveal operations across five continents In my previous analysis of the Charming Kitten leak, I examined the unprecedented breach that exposed the inner workings of an Iranian state-sponsored hacking o...

BellaCiao was developed at Tehran's Shuhada base. Moses Staff & Sahyoun24 weren't independent—all run by the same IRGC unit. MORE... blog.narimangharib.com/posts/2025%2... #APT35

Unveiling APT35: Explore the structure, tools, and espionage tactics of the IRGC-linked cyber threat group. #CyberSecurity #APT35 #IRGC #ThreatAnalysis Link: thedailytechfeed.com/unveiling-ap...

Live dump of random #CTI / #ThreatIntel as I go through #KittenBusters
1/ If you see the username uuminder in your network and specifically in your ScreenConnect please send my regards to your new Iranian friend. for real hello the PWD is U123um10nder
#CVE-2024-1709 #APT35 @campuscodi.risky.biz

Massive Leak Exposes Inner Workings of Iranian Hacking Group Charming Kitten In what appears to be one of the most significant breaches of an Iranian state-sponsored hacking operation to date, an anonymous source has published internal d...

Breaking News: Iranian Advanced Persistent Threat Group #APT35 Has Been Compromised, with Internal Documents Leaked Online

blog.narimangharib.com/posts/2025%2...

Charming Kitten 2025: Strategic Target Selection and Researcher Surveillance Analysis Overview This research examines a new Charming Kitten campaign utilizing advanced impersonation tactics, long-term monitoring of security researchers, and unique infrastructure. This analysis is base...

Screw it, unlocking the paywall on my Charming Kitten investigation. Everyone should know how they're impersonating former Pentagon officials to target activists. Full technical details, IoCs, everything that was VIP-only is free now
vip.narimangharib.com/charming-kit...
#APT35

This is the first time I’ve published this kind of information behind a paywall, and interestingly, the CK team hasn’t picked it up yet. lol
#APT35

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks Jun 26, 2025Ravie LakshmananCyber Espionage / Malware An Iranian state-sponsored hacking group associated...

#Cyber #Security #aipowered #APT35 #Attacks #experts #hackers […]

[Original post on zephyrnet.com]

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks Iranian hackers linked to APT35 target Israeli professionals using AI-driven phishing, fake Gmail pages, and 2FA bypass.

Iranian APT35 hackers are targeting Israeli telecom infrastructure with sophisticated phishing campaigns to gather intelligence and disrupt communications. #CyberSecurity #APT35 #Telecom #ThreatIntel thehackernews.com/2025/06/iran...

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks source of the activity read more about Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks reconbee.com/iranian-apt3...

#iran #iranian #Israel #israeli #phishingattacks #phishing #phishingawareness #APT35 #cyberattack

BellaCiao,BellaCiao from the magic hound
to the poor sod who's account is browned
the magic that with the new year comes
spies and hounds and hides it's crumbs
whether social media or email links
do not click if it blinks or stinks
thehackernews.com/2024/12/iran...
#apt35 #charmingkitten #magichound

BellaCPP, Charming Kitten's BellaCiao variant written in C++ Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao malware dubbed BellaCPP, Kaspersky warns.

BellaCPP、C++ で書かれた魅力的な子猫の BellaCiao バリアント

BellaCPP, Charming Kitten’s BellaCiao variant written in C++ #SecurityAffairs (Dec 25)

#APT35 #CharmingKitten #BellaCPP #マルウェア #サイバー攻撃

#APT35 Launches Attacks on Aerospace and Semiconductor Industries in Multiple Countries : threatbook.io/blog/id/1095

#cyber #threatintel #apt #UNC1549

"One of Iran's top hacking groups has left a server exposed online where security researchers say they found a trove of screen recordings showing the hackers in action." #IBM #APT #ITG18 #APT35 #CyberSecurity