Latest Update 20/12/2024

Threats Feed

  1. Public

    CharmPower: APT35's Modular Toolset Exploits Log4j Vulnerability

    APT35 began widespread scanning and attempts to exploit the Log4j flaw in publicly facing systems only four days after the vulnerability was disclosed. The group used a modular PowerShell-based framework dubbed CharmPower for persistence, information gathering, and command execution.

  2. Public

    APT35 Cyber Espionage: From Phishing to Spyware and Beyond

    APT35 has used multiple tactics to compromise high-value targets. The group has used hijacked websites, such as one affiliated with a UK university, for credential phishing attacks. They have also uploaded spyware disguised as VPN software to app stores and impersonated conference officials to conduct phishing campaigns. Additionally, APT35 has utilized link shorteners and click trackers embedded within PDF files and abused services like Google Drive, App Scripts, and Sites pages. The group has adopted a novel approach by leveraging Telegram for real-time operator notifications, enabling them to monitor information about visitors to their phishing sites.
