APT35 (Charming Kitten) operates a professional malware ecosystem featuring the Saqeb System and RAT-2AC2 RATs, custom webshells, and FUD-tested modules. The group’s C2 uses TOR, multi-hop relays, and encrypted traffic for persistence and stealth. Targeting airlines, law enforcement, and regional infrastructure (2022-2025), it links cyber operations to IRGC geopolitical objectives.
CloudSEK’s TRIAD team analyzed leaked internal documents from Iran-linked APT35 (Charming Kitten), revealing its structure, tools, and espionage operations. The group, tied to the IRGC, targeted government, legal, energy, and financial sectors across the Middle East, U.S., and Asia through phishing, CVE exploits, and supply-chain attacks. The leak exposes Iran’s organized cyber-espionage network capable of long-term persistence, data theft, and national security risks.