In October 2025, internal documents from APT 35 (Charming Kitten), an Iranian‑aligned cyber‑espionage operator, were leaked, revealing a highly bureaucratized intelligence apparatus with structured tasking, supervisory oversight, and specialized teams focused on sustained access and large‑scale data collection. The leaked materials show targeting against entities such as Türk Telekom in Türkiye and Nour Communication Co. Ltd in Saudi Arabia. DomainTools software helped investigators by providing domain‑level context for APT 35’s infrastructure, including historical DNS data, WHOIS records, and risk signals tied to command‑and‑control and phishing domains. This enabled teams to map the group’s operational footprint, connect leaked IP and domain indicators, attribute activity to specific cam

Join for free to read