| Category | Details |
|---|---|
| Threat Actors | Iranian Threat actor TA453 (Charming Kitten), likely supporting Iranian government interests, specifically the IRGC Intelligence Organization (IRGC-IO). |
| Campaign Overview | Fake podcast invitation sent to a religious figure, leading to the delivery of BlackSmith malware, specifically the AnvilEcho PowerShell Trojan. Targeted intelligence gathering. |
| Target Regions (Victims) | High-profile targets, including a prominent Jewish figure and likely other political and diplomatic entities. |
| Methodology | Social engineering through multi-email phishing and fake podcast invitations. Use of ZIP archives, LNK files, and obfuscated PowerShell scripts to deliver malware. |
| Product Targeted | Intelligence gathering and exfiltration using PowerShell malware, mainly targeting political and diplomatic figures. |
| Malware Reference | BlackSmith malware toolkit (AnvilEcho PowerShell Trojan). Previous tools include GorjolEcho, PowerStar, and MischiefTut. |
| Tools Used | LNK files, PowerShell, ZIP archives, steganography (used in Beautifull.jpg), various DLL files (soshi.dll, toni.dll), C++ toolset for BlackSmith, and various network C2 servers. |
| Vulnerabilities Exploited | Malware uses multiple evasion techniques, such as bypassing SSL certificate validation, disabling antivirus detection, and obfuscating execution paths. |
| TTPs | Phishing with fake invitations, PowerShell scripting for remote access, use of encrypted C2 channels, and exfiltration via FTP/Dropbox. |
| Attribution | TA453 is assessed to operate in support of the IRGC-IO, with links to other Iranian-aligned threat groups (e.g., APT42). |
| Recommendations | Enhanced phishing detection, network monitoring for unusual traffic, and blocking known C2 domains. |
| Source | Proofpoint analysis of the malware and campaign, with references to various external sources confirming TA453’s activities. |
Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
Share:
London, GB
12:12 am,
Mar 27, 2025
8°C
L: 6° |
H: 8°
Feels like 6°C°
scattered clouds
Daily ForecastHourly Forecast
Today
9:00 pm
6° | 8°°C
0 mm
0%
9 mph
90 %
1024 mb
0 mm/h
Tomorrow
9:00 pm
7° | 12°°C
1 mm
100%
13 mph
93 %
1015 mb
0 mm/h
Sat Mar 29
9:00 pm
4° | 12°°C
0 mm
0%
9 mph
78 %
1023 mb
0 mm/h
Sun Mar 30
9:00 pm
7° | 17°°C
0 mm
0%
10 mph
82 %
1024 mb
0 mm/h
Mon Mar 31
9:00 pm
8° | 15°°C
0 mm
0%
8 mph
86 %
1028 mb
0 mm/h
Today
3:00 am
8° | 9°°C
0 mm
0%
4 mph
87 %
1024 mb
0 mm/h
Today
6:00 am
8° | 8°°C
0 mm
0%
4 mph
90 %
1023 mb
0 mm/h
Today
9:00 am
11° | 11°°C
0 mm
0%
6 mph
69 %
1023 mb
0 mm/h
Today
12:00 pm
16° | 16°°C
0 mm
0%
7 mph
51 %
1021 mb
0 mm/h
Today
3:00 pm
17° | 17°°C
0 mm
0%
9 mph
47 %
1018 mb
0 mm/h
Today
6:00 pm
15° | 15°°C
0 mm
0%
7 mph
60 %
1017 mb
0 mm/h
Today
9:00 pm
12° | 12°°C
0 mm
0%
6 mph
78 %
1017 mb
0 mm/h
Tomorrow
12:00 am
10° | 10°°C
0 mm
0%
7 mph
82 %
1015 mb
0 mm/h
| Name | Price | 24H (%) |
|---|---|---|
 Bitcoin(BTC) | €80,962.23 | -0.47% |
 Ethereum(ETH) | €1,871.65 | -2.65% |
 Tether(USDT) | €0.93 | -0.01% |
 XRP(XRP) | €2.19 | -4.03% |
 Solana(SOL) | €127.80 | -4.38% |
 USDC(USDC) | €0.93 | -0.01% |
 Dogecoin(DOGE) | €0.181488 | 2.29% |
 Shiba Inu(SHIB) | €0.000013 | 2.62% |
 Pepe(PEPE) | €0.000008 | 6.59% |
 Peanut the Squirrel(PNUT) | €0.214428 | 7.85% |
