Forwarded from BlackBox (Security) Archiv
Rampant Kitten - An Iranian Espionage Campaign
Introduction
Check Point Research unraveled an ongoing surveillance operation by Iranian entities that has been targeting Iranian expats and dissidents for years. While some individual sightings of this attack were previously reported by other researchers and journalists, our investigation allowed us to connect the different campaigns and attribute them to the same attackers.
Among the different attack vectors we found were:
• Four variants of Windows infostealers intended to steal the victim's personal documents as well as access to their Telegram Desktop and KeePass account information
• Android backdoor that extracts two-factor authentication codes from SMS messages, records the phone's voice surroundings and more
• Telegram phishing pages, distributed using fake Telegram service accounts
The above tools and methods appear to be mainly used against Iranian minorities, anti-regime organizations and resistance movements such as:
• Association of Families of Camp Ashraf and Liberty Residents (AFALR)
• Azerbaijan National Resistance Organization
• Balochistan people
https://research.checkpoint.com/2020/rampant-kitten-an-iranian-espionage-campaign/
https://www.zdnet.com/article/iranian-hacker-group-developed-android-malware-to-steal-2fa-sms-codes
#iranian #hacker #rampantkitten #android #malware #espionage #thinkabout
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@BlackBox_Archiv
@NoGoolag