Executive Summary

APT35, also known as Magic Hound and Charming Kitten, is an Iranian state-backed cyber espionage group active since at least 2014. The threat actor is known for strategic intelligence-gathering, data theft, and disruption operations aligned with Iran’s geopolitical and military objectives. The group’s primary targets include energy, government, defense, and technology sectors, with […]
Recently observed an uptick in threat actors abusing RMM tools for initial access via phishing. I decided to investigate several popular RMMs — AnyDesk, ConnectWise ScreenConnect, and **Atera** — and published my findings on how APT groups abuse these platforms in my DarkAtlas research. If you’re tracking modern intrusion trends, these tools are worth watching closely.

Why RMMs Are Abused

RMM platforms provide remote […]
Executive Summary

Conti ransomware, first identified in 2019, quickly became one of the most notorious ransomware operations due to its advanced encryption, rapid lateral movement, and use of double extortion tactics. Operated as a Ransomware-as-a-Service (RaaS) by the Russia-based Wizard Spider group, Conti is believed to have evolved from Ryuk ransomware and maintained suspected ties […]