Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign

2020-02-18 19:48

According to the analysis, Fox Kitten's objective has been to develop and maintain access routes to the targeted organizations, establishing persistent footholds within them; stealing information; and pivoting from within to additional targets via supply-chain attacks.

The APT34 connection stems from the fact that part of the attack infrastructure used by the group in previous campaigns has been reused for Fox Kitten.

The same vulnerabilities that the group exploited for the ZeroCleare attacks were targeted in Fox Kitten, ClearSky researchers noted.

Researchers there called that campaign "Parisite" - and ClearSky researchers said that Parisite is in fact just one part of the broader Fox Kitten campaign.

This is based on overlaps between some of the files used in the Parisite campaign and the files and tools used in the Fox Kitten campaign, they said.

News URL

https://threatpost.com/iranian-apts-fox-kitten-global-spy-campaign/152974/

#APT #iran #SPY