DFIR and CTI Analysis Date: 2025-10-29
This report provides a comprehensive analysis of the Tactics, Techniques, and Procedures (TTPs), operational tradecraft, and targeting patterns of the threat actor group known as "Charming Kitten." The analysis is based on a leaked dataset of the group's internal documents, logs, and operational reports. The findings indicate a sophisticated and well-organized actor with a clear focus on espionage and disruptive attacks.
A groundbreaking finding from the Episode 4 leak is the direct link between Charming Kitten and the previously distinct threat groups known as "Moses-Staff" and "Qassam". Analysis of the group's internal infrastructure and payment records reveals that these are not separate entities, but rather pseudo-names or campaigns operated by Charming Kitten. This attribution, which has not been publicly documented before, is a critical development in understa