| Category | Details |
|---|---|
| Threat Actors | Iranian Threat actor TA453 (Charming Kitten), likely supporting Iranian government interests, specifically the IRGC Intelligence Organization (IRGC-IO). |
| Campaign Overview | Fake podcast invitation sent to a religious figure, leading to the delivery of BlackSmith malware, specifically the AnvilEcho PowerShell Trojan. Targeted intelligence gathering. |
| Target Regions (Victims) | High-profile targets, including a prominent Jewish figure and likely other political and diplomatic entities. |
| Methodology | Social engineering through multi-email phishing and fake podcast invitations. Use of ZIP archives, LNK files, and obfuscated PowerShell scripts to deliver malware. |
| Product Targeted | Intelligence gathering and exfiltration using PowerShell malware, mainly targeting political and diplomatic figures. |
| Malware Reference | BlackSmith malware toolkit (AnvilEcho PowerShell Trojan). Previous tools include GorjolEcho, PowerStar, and MischiefTut. |
| Tools Used | LNK files, PowerShell, ZIP archives, steganography (used in Beautifull.jpg), various DLL files (soshi.dll, toni.dll), C++ toolset for BlackSmith, and various network C2 servers. |
| Vulnerabilities Exploited | Malware uses multiple evasion techniques, such as bypassing SSL certificate validation, disabling antivirus detection, and obfuscating execution paths. |
| TTPs | Phishing with fake invitations, PowerShell scripting for remote access, use of encrypted C2 channels, and exfiltration via FTP/Dropbox. |
| Attribution | TA453 is assessed to operate in support of the IRGC-IO, with links to other Iranian-aligned threat groups (e.g., APT42). |
| Recommendations | Enhanced phishing detection, network monitoring for unusual traffic, and blocking known C2 domains. |
| Source | Proofpoint analysis of the malware and campaign, with references to various external sources confirming TA453’s activities. |
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Share:
London, GB
1:55 am,
Jan 18, 2025
3°C
L: 2° |
H: 4°
Feels like 1°C°
overcast clouds
Daily ForecastHourly Forecast
Today
9:00 pm
2° | 4°°C
0 mm
0%
4 mph
92 %
1032 mb
0 mm/h
Tomorrow
9:00 pm
1° | 5°°C
0 mm
0%
7 mph
91 %
1023 mb
0 mm/h
Mon Jan 20
9:00 pm
2° | 6°°C
0 mm
0%
4 mph
97 %
1020 mb
0 mm/h
Tue Jan 21
9:00 pm
4° | 7°°C
0 mm
0%
5 mph
97 %
1019 mb
0 mm/h
Wed Jan 22
9:00 pm
4° | 8°°C
0.2 mm
20%
9 mph
97 %
1013 mb
0 mm/h
Today
3:00 am
2° | 3°°C
0 mm
0%
2 mph
87 %
1032 mb
0 mm/h
Today
6:00 am
1° | 3°°C
0 mm
0%
1 mph
90 %
1032 mb
0 mm/h
Today
9:00 am
2° | 2°°C
0 mm
0%
2 mph
90 %
1031 mb
0 mm/h
Today
12:00 pm
5° | 5°°C
0 mm
0%
3 mph
71 %
1030 mb
0 mm/h
Today
3:00 pm
6° | 6°°C
0 mm
0%
3 mph
65 %
1027 mb
0 mm/h
Today
6:00 pm
4° | 4°°C
0 mm
0%
4 mph
86 %
1026 mb
0 mm/h
Today
9:00 pm
3° | 3°°C
0 mm
0%
4 mph
92 %
1025 mb
0 mm/h
Tomorrow
12:00 am
2° | 2°°C
0 mm
0%
3 mph
85 %
1023 mb
0 mm/h
| Name | Price | 24H (%) |
|---|---|---|
 Bitcoin(BTC) | €101,450.08 | 2.90% |
 Ethereum(ETH) | €3,368.17 | 2.66% |
 XRP(XRP) | €3.15 | -1.14% |
 Tether(USDT) | €0.97 | 0.07% |
 Solana(SOL) | €212.31 | 1.68% |
 Dogecoin(DOGE) | €0.414343 | 10.59% |
 USDC(USDC) | €0.97 | 0.01% |
 Shiba Inu(SHIB) | €0.000023 | 8.10% |
 Pepe(PEPE) | €0.000019 | 10.19% |
 Peanut the Squirrel(PNUT) | €0.65 | 9.40% |
