| Category | Einzelheiten |
|---|---|
| Threat Actors | Iranian Threat actor TA453 (Charming Kitten), likely supporting Iranian government interests, specifically the IRGC Intelligence Organization (IRGC-IO). |
| Campaign Overview | Fake podcast invitation sent to a religious figure, leading to the delivery of BlackSmith malware, specifically the AnvilEcho PowerShell Trojan. Targeted intelligence gathering. |
| Target Regions (Victims) | High-profile targets, including a prominent Jewish figure and likely other political and diplomatic entities. |
| Methodology | Social engineering through multi-email phishing and fake podcast invitations. Use of ZIP archives, LNK files, and obfuscated PowerShell scripts to deliver malware. |
| Product Targeted | Intelligence gathering and exfiltration using PowerShell malware, mainly targeting political and diplomatic figures. |
| Malware Reference | BlackSmith malware toolkit (AnvilEcho PowerShell Trojan). Previous tools include GorjolEcho, PowerStar, and MischiefTut. |
| Tools Used | LNK files, PowerShell, ZIP archives, steganography (used in Beautifull.jpg), various DLL files (soshi.dll, toni.dll), C++ toolset for BlackSmith, and various network C2 servers. |
| Vulnerabilities Exploited | Malware uses multiple evasion techniques, such as bypassing SSL certificate validation, disabling antivirus detection, and obfuscating execution paths. |
| TTPs | Phishing with fake invitations, PowerShell scripting for remote access, use of encrypted C2 channels, and exfiltration via FTP/Dropbox. |
| Attribution | TA453 is assessed to operate in support of the IRGC-IO, with links to other Iranian-aligned threat groups (e.g., APT42). |
| Recommendations | Enhanced phishing detection, network monitoring for unusual traffic, and blocking known C2 domains. |
| Quelle | Proofpoint analysis of the malware and campaign, with references to various external sources confirming TA453’s activities. |
Beste Vorsätze: TA453 zielt auf religiöse Figur mit gefälschter Podcast-Einladung und liefert neues BlackSmith Malware-Toolset
Teilen:
London, GB
10:00 am,
Juni 15, 2025
18°C
L: 18° |
H: 19°
Fühlt sich an wie 18°C°
aufgelockerte Bewölkung
Tägliche VorhersageStündliche Vorhersage
Today
10:00 pm
18° | 19°°C
0 mm
0%
12 mph
74 %
1025 mb
0 mm/h
Tomorrow
10:00 pm
14° | 25°°C
0 mm
0%
9 mph
85 %
1028 mb
0 mm/h
Di. Juni 17
10:00 pm
16° | 26°°C
0 mm
0%
10 mph
83 %
1027 mb
0 mm/h
Mi. Juni 18
10:00 pm
15° | 27°°C
0 mm
0%
7 mph
76 %
1026 mb
0 mm/h
Do. Juni 19
10:00 pm
17° | 28°°C
0 mm
0%
10 mph
76 %
1027 mb
0 mm/h
Today
10:00 am
18° | 19°°C
0 mm
0%
9 mph
70 %
1021 mb
0 mm/h
Today
1:00 pm
20° | 22°°C
0 mm
0%
9 mph
64 %
1021 mb
0 mm/h
Today
4:00 pm
22° | 24°°C
0 mm
0%
11 mph
49 %
1022 mb
0 mm/h
Today
7:00 pm
21° | 21°°C
0 mm
0%
12 mph
54 %
1023 mb
0 mm/h
Today
10:00 pm
17° | 17°°C
0 mm
0%
8 mph
74 %
1025 mb
0 mm/h
Tomorrow
1:00 am
15° | 15°°C
0 mm
0%
5 mph
84 %
1027 mb
0 mm/h
Tomorrow
4:00 am
14° | 14°°C
0 mm
0%
3 mph
85 %
1027 mb
0 mm/h
Tomorrow
7:00 am
16° | 16°°C
0 mm
0%
3 mph
76 %
1028 mb
0 mm/h
| Name | Preis | 24H (%) |
|---|---|---|
 Bitcoin(BTC) | €91,116.46 | 0.13% |
 Ethereum(ETH) | €2,183.51 | -0.54% |
 Fesseln(USDT) | €0.87 | 0.00% |
 XRP(XRP) | €1.86 | -1.09% |
 Solana(SOL) | €125.82 | -0.28% |
 USDC(USDC) | €0.87 | 0.00% |
 Dogecoin(DOGE) | €0.151374 | -1.20% |
 Shiba Inu(SHIB) | €0.000010 | -1.34% |
 Pepe(PEPE) | €0.000010 | -0.35% |
