LetsDefend Monitoring Alert

APT35 HyperScrape Data Exfiltration Tool Detected

Dec, 27, 2023, 11:22 AM

Event ID: 212

Event Time: Dec, 27, 2023, 11:22 AM

Rule Name: SOC250 - APT35 HyperScrape Data Exfiltration Tool Detected

Alert Type: Data Leakage

MITRE Technique:
T1078 - Initial Access - Valid Accounts,
T1041 - Exfiltration - Exfiltration Over C2 Channel,
T1539 - Credential Access - Steal Web Session Cookie,
T1114 - Collection - Email Collection,
T1589 - Reconnaissance - Gather Victim Identity Information,

Real World Example:As of August 2022, APT35 aka Charming Kitten was observed using a new tool called Hyperscrape to extract emails from their victims’ mailboxes

Severity: Medium

Security Analyst

2025 © LetsDefend

45305 Catalina ct. Suite 150, Sterling VA 20166