APT35: The Persistent Threat

APT35, also known as the Newscaster Team, has a broad target list that spans the U.S., Western Europe, and the Middle East.

By Emily Roberts, April 14, 2024, 1 min read

Who They’re After
APT35, also known as the Newscaster Team, has a broad target list that spans the U.S., Western Europe, and the Middle East. Their sights are set on high-stakes sectors: military, diplomatic, and government personnel, as well as organizations in media, energy, defense, engineering, business services, and telecommunications. If you’re in these sectors, they’re very likely eyeing your operations.

What’s Their Agenda?
APT35 is no small-time player. This Iranian government-backed group is all about cyber espionage, running long-term, resource-heavy operations to gather strategic intelligence. They’ve been at it since at least 2014, with a clear focus on collecting data that serves national interests. While their tools might not always be cutting-edge—often relying on publicly available web shells and penetration testing tools—their operations are anything but amateur. The sheer scale and complexity of their social engineering efforts show that they’re well-funded and extremely patient.

Their Tools of Choice
APT35’s toolkit includes a mix of malware like ASPXSHELLSV, BROKEYOLK, PUPYRAT, TUNNA, MANGOPUNCH, DRUBOT, and HOUSEBLEND. These tools are designed to infiltrate, persist, and extract valuable data without raising alarms.

How They Get In
APT35 knows where it hurts. They typically open with spearphishing, using lures that are hard to ignore: healthcare alerts, job postings, resumes, or urgent password policy updates. They also reuse credentials stolen in earlier breaches, so their logins arrive through legitimate channels and look like ordinary user activity. Alongside this they run strategic web compromises (watering-hole attacks on sites their targets already visit) and password spray attacks against externally facing web applications, trying a few common passwords across many accounts to stay below per-account lockout thresholds while casting a wide net for weak spots.
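Password spraying is the one entry technique above that a defender can catch from authentication logs alone, and it is built to slip past per-account lockout: each account sees only one or two failures. The signal is per source, not per account. The following Python is an added example, not code from the original post or from Hedgehog Security. It parses a constructed, invented log format (one line per login attempt with `auth failure`/`auth success`, `user=` and `src=` fields), flags any source IP that fails against many distinct accounts inside a time window, and lists any successes from that source after the spray began. The log format, the thresholds and the sample lines are all assumptions for illustration.

```python
"""Password-spray detection over constructed authentication log lines.

Brute force hammers one account; a spray tries one or two passwords against
many accounts. Per-account lockout catches the first and misses the second,
so this detector groups failures by source IP and counts distinct usernames
inside a sliding time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed log line shape (invented for this example, not a real product format).
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log (invented data). Three behaviours are mixed in:
#   203.0.113.7  sprays six accounts in half a minute, then logs in as frank
#   198.51.100.9 is a normal user (grace) who mistypes twice, then succeeds
#   192.0.2.44   brute-forces a single account (lockout territory, not a spray)
SAMPLE_LOG = """\
2024-04-14T09:00:01Z auth failure user=alice src=203.0.113.7
2024-04-14T09:00:04Z auth failure user=bob src=203.0.113.7
2024-04-14T09:00:09Z auth failure user=carol src=203.0.113.7
2024-04-14T09:00:15Z auth failure user=dave src=203.0.113.7
2024-04-14T09:00:20Z auth failure user=erin src=203.0.113.7
2024-04-14T09:00:26Z auth failure user=frank src=203.0.113.7
2024-04-14T09:00:33Z auth success user=frank src=203.0.113.7
2024-04-14T09:01:00Z auth failure user=grace src=198.51.100.9
2024-04-14T09:01:05Z auth failure user=grace src=198.51.100.9
2024-04-14T09:01:11Z auth success user=grace src=198.51.100.9
2024-04-14T09:02:00Z auth failure user=admin src=192.0.2.44
2024-04-14T09:02:01Z auth failure user=admin src=192.0.2.44
2024-04-14T09:02:02Z auth failure user=admin src=192.0.2.44
2024-04-14T09:02:03Z auth failure user=admin src=192.0.2.44
2024-04-14T09:02:04Z auth failure user=admin src=192.0.2.44
2024-04-14T09:02:05Z auth failure user=admin src=192.0.2.44
"""


def parse(text):
    """Return (timestamp, result, user, src) tuples sorted by time.

    Lines that do not match the assumed format are skipped rather than
    crashing the detector on a stray line.
    """
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return sorted(events)


def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """Flag sources that fail against >= min_users distinct accounts in `window`.

    Returns {src: {"distinct_users", "window_start", "window_end",
                   "success_after"}} where success_after lists (ts, user) logins
    from the same source on or after the spray window started: the
    "they got in" signal worth paging on.
    """
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, result, user, src in events:
        (failures if result == "failure" else successes)[src].append((ts, user))

    alerts = {}
    for src, fails in failures.items():
        best = None
        j = 0
        for i in range(len(fails)):
            start = fails[i][0]
            # j only moves forward: the window start grows with i, so every
            # event already inside the previous window is still inside this one.
            while j < len(fails) and fails[j][0] - start <= window:
                j += 1
            users = {u for _, u in fails[i:j]}
            if len(users) >= min_users and (best is None or len(users) > best[0]):
                best = (len(users), start, fails[j - 1][0])
        if best:
            n, w_start, w_end = best
            alerts[src] = {
                "distinct_users": n,
                "window_start": w_start,
                "window_end": w_end,
                "success_after": [(ts, u) for ts, u in successes.get(src, []) if ts >= w_start],
            }
    return alerts


if __name__ == "__main__":
    for src, a in detect_spray(parse(SAMPLE_LOG)).items():
        print(f"{src}: {a['distinct_users']} accounts between "
              f"{a['window_start']:%H:%M:%S} and {a['window_end']:%H:%M:%S}; "
              f"successes after: {[u for _, u in a['success_after']]}")
```

Only the spraying source is reported; the single-account brute force is left to lockout rules, and the mistyping user never crosses the distinct-account threshold. The window and user count are the knobs to tune: a patient attacker can spread attempts over hours, so a short window with a low threshold will miss slow sprays and a long window with a high threshold will drown in shared-NAT noise. Run the same logic over long windows with a higher threshold as a second, quieter rule.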

Why This Matters to Us
At Hedgehog Security, we know that APT35’s focus on critical sectors makes them a formidable threat. Their tactics are designed to breach even the most secure environments, which is why our mission is to stay ahead of their every move. Whether you’re in government, media, or energy, the threat is real, and the stakes couldn’t be higher.

We understand the nuances of APT35’s operations, and we’re here to ensure that your defenses are robust enough to keep them at bay. By anticipating their strategies and deploying our cutting-edge SOC365 services, we don’t just react—we proactively protect. Our job is to make sure that APT35 and groups like them hit a wall when they try to breach your defenses, keeping your organization secure and your operations running smoothly.

Remember, with Hedgehog Security on your side, you’re not just protecting your data—you’re safeguarding your entire operation against threats like APT35. Let’s keep the pricks on the outside where they belong.
