Researchers Uncover 6-Year Cyber Espionage Campaign Targeting Iranian Dissidents


Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long, ongoing surveillance campaign targeting Iranian expats and dissidents with the aim of pilfering sensitive information.


The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts — one for Windows and the other for Android — using a wide arsenal of intrusion tools in the form of info stealers and backdoors designed to steal personal documents, passwords, Telegram messages, and two-factor authentication codes from SMS messages.


Calling the operation "Rampant Kitten," cybersecurity firm Check Point Research said the suite of malware tools had been mainly used against Iranian minorities, anti-regime organizations, and resistance movements such as the Association of Families of Camp Ashraf and Liberty Residents (AFALR), Azerbaijan National Resistance Organization, and citizens of Balochistan.


Windows Info-Stealer Targets KeePass and Telegram


Per Check Point, the infection chain was first traced to a malware-laced Microsoft Word document ("The Regime Fears the Spread of the Revolutionary Cannons.docx"), which, when opened, executes a next-stage payload that checks for the presence of the Telegram app on the Windows system and, if it is found, drops three additional malicious executables to download auxiliary modules and exfiltrate relevant Telegram Desktop and KeePass files from the victim's computer.
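A defender-side example of what the chain above implies for detection, added here and not code from the report or from Check Point: it rates file-read events on Telegram Desktop's tdata folder and KeePass .kdbx databases by processes other than Telegram or KeePass themselves, and rates them higher when the reader descends from Word, matching the document-borne start of the chain. The event dictionary layout and the sample events are constructed for this illustration.

```python
import ntpath
import re

# Sensitive stores named in the report: Telegram Desktop's profile folder and KeePass
# databases, paired with the process images expected to read them legitimately.
SENSITIVE_STORES = [
    ("telegram_tdata", re.compile(r"\\Telegram Desktop\\tdata\\", re.I), {"telegram.exe"}),
    ("keepass_db", re.compile(r"\.kdbx$", re.I), {"keepass.exe"}),
]
# The chain starts from a malicious .docx, so a descendant of an Office process touching
# these stores is rated higher than an unknown reader with a neutral parent.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def classify_event(event):
    """Return (store, severity, image) for a suspicious read, else None.
    event: dict with 'image', 'parent' (names or full paths) and 'path' (hypothetical layout)."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent"]).lower()
    for store, pattern, allowed in SENSITIVE_STORES:
        if not pattern.search(event["path"]):
            continue
        if image in allowed:
            return None  # the application that owns the store is reading its own files
        severity = "high" if parent in OFFICE_PARENTS else "medium"
        return (store, severity, image)
    return None


def detect(events):
    """Run classify_event over file-read events and collect the findings in order."""
    return [f for f in (classify_event(e) for e in events) if f]


# Constructed sample events (hypothetical paths and process names, not from the report).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Telegram Desktop\Telegram.exe", "parent": "explorer.exe",
     "path": r"C:\Users\u\AppData\Roaming\Telegram Desktop\tdata\sample_file"},
    {"image": r"C:\Users\u\AppData\Local\Temp\updater.exe",
     "parent": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "path": r"C:\Users\u\AppData\Roaming\Telegram Desktop\tdata\sample_file"},
    {"image": r"C:\Users\u\AppData\Local\Temp\helper.exe", "parent": "cmd.exe",
     "path": r"C:\Users\u\Documents\passwords.kdbx"},
    {"image": r"C:\Program Files\KeePass2\KeePass.exe", "parent": "explorer.exe",
     "path": r"C:\Users\u\Documents\passwords.kdbx"},
]

if __name__ == "__main__":
    for store, severity, image in detect(SAMPLE_EVENTS):
        print(f"[{severity}] {image} read {store}")
```

Real telemetry (for example Sysmon file-access or EDR events) would feed the same function once mapped to the image, parent and path fields.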



In doing so, the exfiltration allows the attacker to hijack the indiv ..
