An internal leak from APT35 (Charming Kitten) reveals a sophisticated, state-directed cyber-intelligence operation targeting diplomatic, government, and corporate networks in the Middle East and Asia. The documents expose a bureaucratic structure with defined workflows, performance metrics, and specialized teams for exploit development, credential theft, and phishing campaigns. The group's focus on Exchange servers, use of ProxyShell exploits, and persistent mailbox monitoring demonstrate a strategic emphasis on long-term intelligence collection. The leak provides unprecedented insight into Iran's cyber capabilities, showing a mature apparatus that blends technical prowess with military-style oversight.