Iranian state-sponsored threat operation Charming Kitten, also known as APT35, Mint Sandstorm, Cobalt Illusion, and Yellow Garuda, has been running a new wave of spear-phishing attacks since May that deploy the POWERSTAR backdoor, according to The Hacker News. In the latest POWERSTAR attacks, Charming Kitten employed additional measures to prevent detection; the attacks used an LNK file inside a password-protected RAR file to facilitate download of the backdoor from Backblaze, a report from Volexity revealed.
Source: SC Magazine