GreenCharlie

Description

(Recorded Future) In August 2024, open sources revealed that US political campaign officials and affiliates were targeted as part of Mint Sandstorm and APT 42 operations. In this report, we discuss threat activity associated with the Iran-nexus group we track as GreenCharlie, which overlaps with Magic Hound, APT 35, Cobalt Illusion, Charming Kitten. Recorded Future has tracked Iran-linked GreenCharlie activity and malicious infrastructure since 2020. Our global Network Intelligence capability has allowed us to identify and track a large and rapidly evolving cluster of infrastructure used to support GreenCharlie cyber-espionage campaigns. Now, we have been able to link this network to the recent targeting of US political campaigns.

Names

Name	Name-Giver
GreenCharlie	Recorded Future

Country

Iran

State-sponsored, Islamic Revolutionary Guard Corps (IRGC)

Motivation

Information theft and espionage

First Seen

2020

Observed Countries

Tools

Information

https://go.recordedfuture.com/hubfs/reports/cta-ir-2024-0820.pdf

Other Information

Uuid

2af4b14c-a108-4e9c-a87a-11c6b77de3df

Last Card Change

2024-10-23

Threat Intelligence Garden

Explorer

GreenCharlie

GreenCharlie

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks

Threat Intelligence Garden

Explorer

GreenCharlie

GreenCharlie

Description

Names

Country

Sponsor

Motivation

First Seen

Observed Countries

Tools

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks