Dorblue
Over the past four years, Domestic Kitten has carried out extensive surveillance of users and conducted at least 10 malicious campaigns.
Specialists at the information security company Check Point have described the cyber operations conducted by the APT group Domestic Kitten. The group, also known as APT-C-50, was first discovered in 2018 and is believed to be linked to the Iranian government. According to the researchers, Domestic Kitten attacks users in Iran and "may pose a threat to the stability of the regime" in the country. Its victims include opponents of the current regime, human rights defenders and activists, journalists and lawyers.
According to a new publication by Check Point specialists, over the past four years Domestic Kitten has carried out large-scale surveillance of users and conducted at least ten separate malicious campaigns, with at least 1.2 thousand victims.
Currently, experts have recorded four active campaigns, and the most recent of them began in November last year. Its victims are users around the world, including in Iran, the United States, Pakistan and Turkey.
The group uses the FurBall malware, which is based on the commercial monitoring tool KidLogger. According to experts, the authors of the malware "either received the source code of KidLogger, or performed reverse engineering of its sample and removed all unnecessary details, and then added additional features."
FurBall spreads through several vectors, including phishing, websites, Telegram channels, and SMS messages with malicious links. The group uses several tricks to get the victim to install the malware. For example, FurBall disguises itself as the VIPRE mobile antivirus solution, news agency apps, mobile games, app stores, restaurant apps, and desktop wallpapers.
Once installed on the attacked device, the malware can intercept SMS messages and call logs, collect data about the device, record conversations, steal media files, track the GPS coordinates of the device, and so on. FurBall transmits the collected information to C&C servers controlled by the group since 2018. The associated IP addresses are located in Iran.