APT35

APT35 Description

APT35 (Advanced Persistent Threat 35) is a hacking group believed to originate from Iran. It is also known under several other aliases: Newscaster Team, Phosphorus, Charming Kitten and Ajax Security Team. APT35 runs both politically motivated and financially motivated campaigns, and it concentrates its efforts mainly on human rights activists, media organizations and the academic sector. Most of its campaigns are carried out in the United States, Israel, Iran and the United Kingdom.

Popular APT35 Campaigns

One of the most notorious APT35 operations is the attack on HBO in 2017, in which the group leaked over 1TB of data consisting of staff personal details and shows that had not yet been aired. Another infamous campaign that put APT35 on the map involved a U.S. Air Force defector, who helped the group gain access to classified government data. In 2018, APT35 built a website that mimicked a legitimate Israeli cybersecurity company; the only difference was a slightly altered domain name. This campaign gave APT35 the login details of some of the company's clients. The latest well-known campaign, carried out in December 2018 under the Charming Kitten alias, targeted political activists with influence over the economic and military sanctions placed on Iran at the time. The group posed as high-ranking professionals in the same fields as their targets, using tailored phishing emails carrying fake attachments as well as bogus social media profiles.
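The lookalike-domain campaign described above is the kind of thing a defender can watch for by comparing newly seen domains against the organization's own. The following is an added example, not code from the page or from any vendor: it normalizes common character confusables (a constructed table, e.g. "rn" for "m", "1" for "l") and then measures the Levenshtein edit distance to a constructed list of protected domains, flagging anything within a small distance that is not an exact match.

```python
"""Flag domains that closely resemble a protected domain.

Added illustration. PROTECTED_DOMAINS, CONFUSABLES and the sample
candidates are constructed for this example and are not indicators
from any real campaign."""
import unicodedata

# Constructed list of domains we want to protect (assumed, not from the page).
PROTECTED_DOMAINS = ["acme-security.com", "acme-security.co.il"]

# Constructed confusable substitutions; longer keys are applied first so that
# multi-character lookalikes ("rn" -> "m") are collapsed before single ones.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(domain):
    """Lower-case, Unicode-fold and collapse confusable sequences."""
    d = unicodedata.normalize("NFKC", domain).lower().strip(".")
    for src, dst in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        d = d.replace(src, dst)
    return d


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_domain(candidate, protected=PROTECTED_DOMAINS, max_distance=2):
    """Return (verdict, closest_protected_domain, distance).

    verdict is "legitimate" for an exact match, "lookalike" when the
    normalized candidate is within max_distance of a protected domain,
    and "unrelated" otherwise."""
    raw = candidate.lower().strip(".")
    if raw in (p.lower() for p in protected):
        return ("legitimate", raw, 0)
    cand = normalize(candidate)
    dist, closest = min((levenshtein(cand, normalize(p)), p) for p in protected)
    verdict = "lookalike" if dist <= max_distance else "unrelated"
    return (verdict, closest, dist)


if __name__ == "__main__":
    # Constructed sample domains to triage.
    for d in ["acme-security.com", "acrne-security.com", "acme-secur1ty.com",
              "acme-security.co", "totally-different.org"]:
        print(d, "->", check_domain(d))
```

The distance threshold trades false positives against misses: a threshold of 2 catches single swapped or dropped characters plus one confusable, while a distance of 0 after normalization (the "acrne" case) is the strongest signal, because the domain is visually identical to the real one.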

APT35’s DownPaper Malware

DownPaper is a backdoor Trojan, mostly used as a first-stage payload, with the capability to:

  • Establish a connection with the attacker's C&C (Command and Control) server and receive commands and additional harmful payloads, which are then executed on the infiltrated host.
  • Gain persistence by tampering with the Windows Registry.
  • Gather information about the compromised system, such as hardware and software data.
  • Execute CMD and PowerShell commands.
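Two of the capabilities listed above, registry-based persistence and running CMD or PowerShell commands, leave a footprint that a defender can audit: autorun values that launch a command interpreter, often from a user-writable directory. The following is an added example, not code from the page or any vendor, and it uses no DownPaper-specific indicators: it scores exported Run/RunOnce values against a constructed set of heuristics and reports those above a threshold.

```python
"""Audit Windows Run/RunOnce autorun values for backdoor-style persistence.

Added illustration. The heuristics, weights and SAMPLE_ENTRIES are
constructed for this example; they are not indicators of DownPaper."""
import re
from dataclasses import dataclass, field

# Well-known autorun locations (real registry paths).
AUTORUN_KEYS = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Constructed heuristics: (label, weight, pattern). Weights are assumptions.
SUSPICIOUS_PATTERNS = [
    ("user-writable path", 1,
     re.compile(r"(appdata|\\temp\\|\\public\\|\\downloads\\)", re.I)),
    ("powershell launcher", 2, re.compile(r"powershell(\.exe)?\b", re.I)),
    ("encoded/hidden powershell", 3,
     re.compile(r"-(enc|encodedcommand|nop|noprofile|w\s+hidden|windowstyle\s+hidden)\b", re.I)),
    ("cmd.exe launcher", 2, re.compile(r"cmd(\.exe)?\s+/[ck]\b", re.I)),
    ("script host", 2, re.compile(r"(wscript|cscript|mshta|rundll32)(\.exe)?\b", re.I)),
]


@dataclass
class Finding:
    key: str
    name: str
    command: str
    score: int
    reasons: list = field(default_factory=list)


def score_command(command):
    """Return (total_weight, [matched labels]) for one autorun command line."""
    hits = [(label, w) for label, w, rx in SUSPICIOUS_PATTERNS if rx.search(command)]
    return sum(w for _, w in hits), [label for label, _ in hits]


def audit_autoruns(entries, threshold=2):
    """entries: iterable of (registry_key, value_name, command).

    Only values under the known autorun keys are considered; a Finding is
    produced for each whose heuristic score reaches the threshold."""
    findings = []
    for key, name, command in entries:
        if key not in AUTORUN_KEYS:
            continue
        total, reasons = score_command(command)
        if total >= threshold:
            findings.append(Finding(key, name, command, total, reasons))
    return findings


# Constructed sample export: two benign entries, two that warrant a look.
SAMPLE_ENTRIES = [
    (AUTORUN_KEYS[2], "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    (AUTORUN_KEYS[0], "OneDrive",
     r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    (AUTORUN_KEYS[0], "Updater", r"powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A..."),
    (AUTORUN_KEYS[1], "svc", r"cmd.exe /c start C:\Users\Public\svc.exe"),
]

if __name__ == "__main__":
    for f in audit_autoruns(SAMPLE_ENTRIES):
        print(f"{f.name:12} score={f.score} reasons={f.reasons}\n    {f.command}")
```

A single weak signal (the OneDrive entry lives under AppData, which is normal) stays below the threshold, while an interpreter launch combined with an encoded or hidden flag, or with a user-writable path, is reported. On a live host the entries would come from a registry export or an EDR query rather than the constructed list.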

APT35 is a very persistent group, and it is unlikely to halt its activities any time soon. Given that the political climate around Iran has been heating up for a while, it is likely that we will keep hearing about APT35 campaigns in the future.
