| Category | Details |
|---|---|
| Threat Actors | Iranian Threat actor TA453 (Charming Kitten), likely supporting Iranian government interests, specifically the IRGC Intelligence Organization (IRGC-IO). |
| Campaign Overview | Fake podcast invitation sent to a religious figure, leading to the delivery of BlackSmith malware, specifically the AnvilEcho PowerShell Trojan. Targeted intelligence gathering. |
| Target Regions (Victims) | High-profile targets, including a prominent Jewish figure and likely other political and diplomatic entities. |
| Methodology | Social engineering through multi-email phishing and fake podcast invitations. Use of ZIP archives, LNK files, and obfuscated PowerShell scripts to deliver malware. |
| Product Targeted | Intelligence gathering and exfiltration using PowerShell malware, mainly targeting political and diplomatic figures. |
| Malware Reference | BlackSmith malware toolkit (AnvilEcho PowerShell Trojan). Previous tools include GorjolEcho, PowerStar, and MischiefTut. |
| Tools Used | LNK files, PowerShell, ZIP archives, steganography (used in Beautifull.jpg), various DLL files (soshi.dll, toni.dll), C++ toolset for BlackSmith, and various network C2 servers. |
| Vulnerabilities Exploited | Malware uses multiple evasion techniques, such as bypassing SSL certificate validation, disabling antivirus detection, and obfuscating execution paths. |
| TTPs | Phishing with fake invitations, PowerShell scripting for remote access, use of encrypted C2 channels, and exfiltration via FTP/Dropbox. |
| Attribution | TA453 is assessed to operate in support of the IRGC-IO, with links to other Iranian-aligned threat groups (e.g., APT42). |
| Recommendations | Enhanced phishing detection, network monitoring for unusual traffic, and blocking known C2 domains. |
| Source | Proofpoint analysis of the malware and campaign, with references to various external sources confirming TA453’s activities. |
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Share:
London, GB
11:59 am,
Apr 22, 2025
15°C
L: 14° |
H: 17°
Feels like 14°C°
broken clouds
Daily ForecastHourly Forecast
Today
10:00 pm
14° | 17°°C
0 mm
0%
11 mph
76 %
1017 mb
0 mm/h
Tomorrow
10:00 pm
8° | 11°°C
1 mm
100%
12 mph
94 %
1018 mb
0 mm/h
Thu Apr 24
10:00 pm
8° | 16°°C
0.71 mm
71%
5 mph
91 %
1023 mb
0 mm/h
Fri Apr 25
10:00 pm
8° | 17°°C
0.2 mm
20%
7 mph
90 %
1023 mb
0 mm/h
Sat Apr 26
10:00 pm
11° | 18°°C
1 mm
100%
7 mph
98 %
1023 mb
0 mm/h
Today
1:00 pm
15° | 16°°C
0 mm
0%
8 mph
58 %
1017 mb
0 mm/h
Today
4:00 pm
15° | 16°°C
0 mm
0%
10 mph
52 %
1017 mb
0 mm/h
Today
7:00 pm
14° | 14°°C
0 mm
0%
11 mph
56 %
1016 mb
0 mm/h
Today
10:00 pm
10° | 10°°C
0 mm
0%
7 mph
76 %
1016 mb
0 mm/h
Tomorrow
1:00 am
10° | 10°°C
0 mm
0%
7 mph
77 %
1014 mb
0 mm/h
Tomorrow
4:00 am
9° | 9°°C
1 mm
100%
10 mph
94 %
1012 mb
0 mm/h
Tomorrow
7:00 am
8° | 8°°C
1 mm
100%
11 mph
93 %
1011 mb
0 mm/h
Tomorrow
10:00 am
8° | 8°°C
1 mm
100%
9 mph
93 %
1012 mb
0 mm/h
| Name | Price | 24H (%) |
|---|---|---|
 Bitcoin(BTC) | €76,802.18 | 1.40% |
 Ethereum(ETH) | €1,412.36 | -0.29% |
 Tether(USDT) | €0.87 | 0.00% |
 XRP(XRP) | €1.82 | -1.00% |
 Solana(SOL) | €121.27 | 0.00% |
 USDC(USDC) | €0.87 | 0.00% |
 Dogecoin(DOGE) | €0.142269 | 1.53% |
 Shiba Inu(SHIB) | €0.000011 | -0.79% |
 Pepe(PEPE) | €0.000007 | 3.30% |
