New Iranian APT data extraction tool

In December 2021, TAG discovered a novel Charming Kitten tool, named HYPERSCRAPE, used to steal user data from Gmail, Yahoo!, and Microsoft Outlook accounts. The attacker runs HYPERSCRAPE on their own machine to download victims' inboxes using previously acquired credentials. TAG has seen it deployed against fewer than two dozen accounts located in Iran. The oldest known sample is from 2020, and the tool is still under active development. TAG has taken action to re-secure these accounts and has notified the victims through its Government Backed Attacker Warnings.

ADVERSARY: Charming Kitten


ATT&CK IDS: T1566 - Phishing, T1127 - Trusted Developer Utilities Proxy Execution, T1114 - Email Collection, T1136 - Create Account
