Intel Drops #2

Exposing Iran's APT Charming Kitten (allegedly)

A user named KittenBuster is claiming to expose the operations of APT Charming Kitten, a cyber unit linked to Iran’s Intelligence Organization (IRGC-IO). The repo appeared on September 28.

I don’t understand the language so I can’t figure out what exactly is included but from what I have seen it looks like it contains :

ℹ️ vulnerability research (confluence, wordpress, ivanti, apache, etc.)
ℹ️ OSINT on targets
ℹ️ attack reports including domains
ℹ️ mentions of tools like Anydesk

They claim that “Every few days, we will release more evidence about their activities, along with additional information about their personal lives.” so stay tuned.

If this is legit it could be a goldmine of information as it provides visibility into how APT cyber operations are structure and executed. Would love to get some more information about the data so please reach out if you are researching this.