An Insider Look At The IRGC-linked APT35 Operations: Ep1 & Ep2
ID: f1423498-487e-5f5b-b46b-e746cdc81d9e
STIX ID: report--f1423498-487e-5f5b-b46b-e746cdc81d9e
Feed Name: CloudSEK Blog
**Executive Summary:** CloudSEK analyzed a credible leak of Charming Kitten (APT35) internal Persian-language operational materials revealing coordinated teams, custom RAT development (RTM), day‑1 exploitation of CVE-2024-1709, mass router/DNS manipulation, supply‑chain intrusions, long‑term Active Directory domination, and large-scale exfiltration from government, legal, education, energy, aviation, and financial targets across the Middle East (with secondary impact to US and Asia), indicating a highly capable IRGC‑linked espionage program with significant regional and international security implications.
