GreenCharlie is a threat actor attributed to IR. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does GreenCharlie exploit?

Specific CVE exploitation data for GreenCharlie is being tracked. Check the Strobes VI threat actor profile for updates.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

GreenCharlie

IRInformation theft and espionage

Exploited CVEs

Overview

In August 2024, open sources revealed that US political campaign officials and affiliates were targeted as part of Mint Sandstorm and APT 42 operations. In this report, we discuss threat activity associated with the Iran-nexus group we track as GreenCharlie, which overlaps with Magic Hound, APT 35, Cobalt Illusion, Charming Kitten . Recorded Future has tracked Iran-linked GreenCharlie activity and malicious infrastructure since 2020. Our global Network Intelligence capability has allowed us to identify and track a large and rapidly evolving cluster of infrastructure used to support GreenCharlie cyber-espionage campaigns. Now, we have been able to link this network to the recent targeting of US political campaigns.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database