Exposed: 6 year old Iranian espionage campaign using Android backdoor

Dubbed Rampant Kitten, the campaign has been going on for the last 6 years, during which Iranian hackers have been using Android backdoor apps among other tools and platforms.


State-sponsored attackers are among the most dangerous threats out there because of the vast resources backing them. While almost every country engages in state-sponsored hacking, some are at the forefront.


One such example is Iran, which uses it for a range of purposes. In the latest case, researchers from Check Point have uncovered an Iranian cyber-espionage campaign that has been running for the past 6 years and whose main focus is targeting Iran's own citizens living abroad, in addition to critics of the state.


Some examples of these targets, according to researchers, include the Azerbaijan National Resistance Organization and the Association of Families of Camp Ashraf and Liberty Residents (AFALR).


The campaign, dubbed Rampant Kitten, relied on a variety of tools and attack tactics. First, the attackers targeted 2 main applications: the desktop app of the popular messenger Telegram and a password manager named KeePass.


They did so by getting users to open a malicious MS Word document named “The Regime Fears the Spread of the Revolutionary Cannons.docx”, which runs a payload that checks whether Telegram is installed on the user’s machine.

If found, 3 more payloads are installed ..
