ESET Research reported on Monday that they discovered the Iranian APT35/APT42 group targeting entities in Brazil, Israel, and the U.A.E. using an undocumented backdoor. The threat actor, also known as Charming Kitten, has a history of targeting education, government, healthcare, human rights, and journalism organizations in the Middle East and the United States.
Charming Kitten has utilized and evolved the backdoor, dubbed Sponsor, since its first deployment in September 2021. The threat actor used the latest version against 34 known victims in the three target countries. The campaign obtains initial access to target networks by exploiting known vulnerabilities in Microsoft Exchange servers, and Charming Kitten scans the internet for targets with unpatched vulnerabilities. The U.S., U.K., and Australia released a joint advisory in November 2021 on Iranian threat actors leveraging Fortinet and Microsoft Exchange vulnerabilities. Sponsor is capable of collecting host information and of receiving and processing instructions from a remote server.
Read More:
https://thehackernews.com/2023/09/charming-kitens-new-backdoor-sponsor.html