Recently, during one of our threat hunting operations, our squad identified multiple malicious domains impersonating major Egyptian service providers, including Fawry, the Egypt Post, and Careem. These domains were likely established to support fraud, phishing campaigns, and other malicious activities targeting users and organizations. Before we begin our analysis, we will provide an overview of […]
Executive Summary
APT35, also known as Magic Hound and Charming Kitten, is an Iranian state-backed cyber espionage group active since at least 2014. The threat actor is known for strategic intelligence-gathering, data theft, and disruption operations aligned with Iran’s geopolitical and military objectives. The group’s primary targets include energy, government, defense, and technology sectors, with […]
Recently observed an uptick in threat actors abusing RMM tools for initial access via phishing. I decided to investigate several popular RMMs — AnyDesk, ConnectWise ScreenConnect, and **Atera** — and published my findings on how APT groups abuse these platforms in my DarkAtlas research. If you’re tracking modern intrusion trends, these tools are worth watching closely.
Why RMMs Are Abused
RMM platforms provide remote […]
Discover the latest articles and insights on Dark Atlas