APT42 Crooked Charms – Pros and Cons

January 1, 2023

The APT42 Crooked Charms is a method of espionage used by the United States in Afghanistan. Its aim is to take down target organizations and their agents. To achieve this, it involves targeting, tactics, techniques, and procedures. The article provides an overview of the various aspects of the procedure. It also identifies its pros and cons.


APT42 is an Iranian cyber espionage group that has targeted high-profile targets inside and outside Iran. The group uses highly-targeted spear phishing to gather intelligence and steal personal documents. The group also conducts surveillance operations against strategic interest to the Iranian government.

APT42 believed to run by hackers with advanced technical knowledge and experience. It has a history of targeting high-profile individuals within Iran, including political scientists, members of the Green Movement and dissidents who left the country due to fear for their safety. APT42 has also targeted high-profile individuals and organizations in Israel and the United Kingdom.

APT42 sends spear phishing emails to impersonate legitimate senders and contain malicious attachments. The email will contain an embedded link to a credential harvesting page and will send from a compromised email account. The actor will build trust with the target before stealing their credentials.


APT42 is an Iranian state-sponsored cyber espionage group. APT42’s activities aimed at collecting intelligence and gaining a better understanding of the internal dynamics of target organizations. The group uses credential harvesting and social engineering to achieve its goals.

APT42 has several well-known targets. The group targets individuals and organizations associated with the Iranian government, including former officials, dissidents, and foreign policy experts. In addition, it targets academics, think tanks, pharmaceutical firms, and non-profits.

APT42’s activities also include surveillance and information collection operations. The group uses mobile malware and credential harvesting forms to bypass authentication methods. Typical activities include accessing emails of opposition groups, journalists, and corporate employees. It has also used to intercept SMS-based one-time passwords. APT42’s infrastructure is also a command-and-control center, capable of tracking victim locations and performing malware installations.


APT42 is a notable Iranian state-sponsored cyber espionage group. According to the latest report by Mandiant, APT42 has been active since at least 2015. The group has made headlines by intercepting SMS-based one-time passwords and has also been known to break into the mobile phones of Iranian dissidents.

APT42 has several lightening quick techniques to achieve their goals. These include mobile malware, custom backdoors, and the SMS-based one-time password hack. In addition, APT42 has been known to leverage credential harvesting forms to bypass MFA and access other accounts.

Besides its notable operational history, APT42 is also known to deploy the SMS-based one-time-password hack and Android malware on target computers. The mobile malware can track the location of the victim.


APT42, the Iranian state sponsored cyber espionage group, has been circling the cyber crime pond for the better part of two years. Their nefarious activity includes phishing attacks, surveillance operations and information collection. APT42 is a highly versatile actor, able to switch tactics and adjust their targets to their operational interests. Its infrastructure is a collection of command-and-control servers. It can also intercept SMS-based one-time passwords. Its mobile malware can record phone conversations. In addition, it able to extract entire SMS inboxes. It even deploys a backdoor written in Go programming language.

APT42 Crooked Charms has a long operational history, with over 30 targeted organizations of interest to the Iranian government in the last two years alone. Its targets include Western government officials, foreign policy experts, former government officials, former and current academics, and Iranian diaspora groups. Its targeting strategies are typical of other Iranian cyber espionage actors. In the past two years, the group has also been involved in several other notable incidents. These include a targeted attack against the pharmaceutical industry, a botnet operation against the US military, and the phishing and surveillance operations.

APT42 Crooked Charms – Impact on target organizations

APT42 is a cyber espionage group believed to be run by Iranian hackers with advanced technical capabilities. It has targeted organizations in 14 countries. It conducts information collection operations, reconnaissance activities, and surveillance of targets. In addition, it uses spear-phishing techniques, including phishing attacks, and Android malware to infiltrate victim networks.

APT42 targets individuals and organizations in the Middle East region, specifically Iran, and is also pursuing dissidents inside Iran. Among its targets are Iranian dual-nationals, political opponents, journalists, and foreign-based opposition groups. APT42 also extracts SMS inboxes and records phone conversations. It has an infrastructure for Android mobile malware.

In addition to surveillance, APT42 crooked charms conducts information collection operations and has an extensive operational history. It able to respond quickly to changing geopolitical conditions. Its activities also designed to avoid detection and uses highly-targeted spear phishing campaigns. It targets specific individuals and organizations and focuses on credential harvesting and building rapport with victims. Its activities include accessing email accounts of former Iranian government officials and Western think tanks. Its infrastructure also includes command-and-control servers.

Ammar Fakhruddin


Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

Preparing Businesses for AI-Powered Security Threats

Preparing Businesses for AI-Powered Security Threats

Preparing businesses for AI-powered security threats. Stay ahead of evolving cybersecurity challenges with proactive strategies and advanced technologies. When AI goes wrong, the repercussions can be devastating. They range from the loss of life if an AI medical...

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs’ Risk with Data Broker Management

Reducing CISOs' risk with data broker management. Explore strategies to enhance cybersecurity and safeguard sensitive information in the digital landscape. Every time you use a search engine, social media app or website, buy something online or even fill out a survey...

Vulnerability Prediction with Machine Learning

Vulnerability Prediction with Machine Learning

Advance vulnerability prediction with machine learning. Explore how AI can enhance proactive cybersecurity measures to mitigate potential risks. Machine learning is a field devoted to understanding and building methods that let machines “learn” – that is, methods that...

Recent Case Studies

Mid-size US based firm working on hardware development and provisioning, used DevOps-as-a-...
One of the fastest growing providers of wealth management solutions partnered to build a m...
A US based software startup working on the advancements in genomics diagnostics and therap...

Press Releases

News & Events


Managed Security Services
Security & Privacy Risk Assessment
Cloud Platform Security
Incident Response & Business Continuity

Penetration Testing

Virtual CISO

Email Security & Phishing



About Us