CharmingCypress Innovating Persistence
This blog post describes targeted campaigns by the threat actor CharmingCypress that reveal a high level of effort dedicated to support their spear-phishing operations. CharmingCypress is highly committed to conducting surveillance on targets to determine how to manipulate them and deploy malware. The post documents new malware families associated with CharmingCypress campaigns in 2023-2024 including POWERLESS BASICSTAR and malware-laden VPN applications used to distribute NOKNOK and POWERLESS.