Behzad Mesri, the Iranian national the US has accused of hacking HBO this year, is part of an elite Iranian cyber-espionage unit known in infosec circles as Charming Kitten, according to a report released yesterday by Israeli firm ClearSky Cybersecurity.

Known as an APT (Advanced Persistent Threat), this group has been active since 2013 and is believed to be operating under the protection of the local Iranian government.

The group's activities have been first exposed in March 2014, when US cyber-security firm FireEye published a report entitled "Operation Saffron Rose."

Charming Kitten —also tracked under various codenames such as Newscaster, NewsBeef, Flying Kitten, and the Ajax Security Team— was one of the most active Iran-based cyber-espionage units at the time, but once the FireEye report went public, the group dismantled its infrastructure and went dormant.

Subsequent research published by Iran Threats and ClearSky show that parts of the old Charming Kitten infrastructure, such as malware and credential theft resources, have been reused by another Iranian cyber-espionage unit named Rocket Kittens, and possibly more.

Go to link