Experts Insight On APT35 Recent Phishing Attacks

It has been reported that the Iranian group APT35 (also known as Charming Kitten or Phosphorus) executed sophisticated spear-phishing campaigns that involved not only email attacks but also SMS messages over the festive season.

Experts Comments

January 15, 2021
Jamie Collier
Intelligence Analyst
Mandiant Threat Intelligence

Mandiant Threat Intelligence has tracked and monitored this activity, which we track as UNC788, for a number of years. UNC788 is a cluster of activity suspected of working on behalf of the Iranian government. These actors' TTPs typically consist of credential theft campaigns against corporate and personal email accounts. We are currently observing continued credential harvesting campaigns and emphasize that this activity is a long-term risk to vulnerable entities. Significantly, this group has previously targeted journalists, Western think tanks, current and former government officials, as well as pharmaceutical and medical technology companies.



The use of SMS phishing is no surprise and highlights the breadth of social engineering tactics used by threat actors. Security teams typically dedicate significant resources to preventing and detecting malicious emails and threat actors have therefore pursued alternative means of contacting targets. For many years, Iranian groups have also employed fake social media personas to collect information on individuals and distribute malicious links. It is therefore imperative for security teams to implement security policies and user education programs that account for a wide range of social engineering tactics.
