Hackers associated with the Iranian government have been attacking the US private and government sector.

The Private Industry Notification didn’t identify the hackers by name. Still, according to sources, the group is tracked by the broader cybersecurity community under codenames such as Fox Kitten or Parasite.

One former government cyber-security analyst, who currently works for a private security firm, called the group Iran’s “spear tip” when it comes to cyberattacks.

The preliminary task of the group is to provide an “initial beachhead” to other Iranian hacking groups such as Oilrig (APT34), Shamoon (APT33) or Chafer. The operators attack high-end and expensive network equipment, employing exploits for recently disclosed vulnerabilities before companies have had enough time to patch devices. The primary targets include large private organisations and government networks.

Once the hackers gain entry to a device, they install a web shell or backdoor, transforming the equipment into a gateway into the hacked network.

The FBI notes that the group still targets vulnerabilities in products such as:

  • Pulse Secure "Connect" enterprise VPNs (CVE-2019-11510)
  • Fortinet VPN servers running FortiOS (CVE-2018-13379)
  • Palo Alto Networks "Global Protect" VPN servers (CVE-2019-1579)
  • Citrix "ADC" servers and Citrix network gateways (CVE-2019-19781)

Fox Kitten upgraded its attack arsenal to incorporate an exploit for CVE-2020-5902, a vulnerability disclosed in early July that impacts BIG-IP, a highly regarded multi-purpose networking system manufactured by F5 Networks.

“The FBI warns companies that once the hackers gain access to their networks, they are very likely to provide access to other Iranian groups or monetize networks that aren't useful for espionage by deploying ransomware. While the FBI asked US companies to patch their on-premise BIG-IP devices to prevent successful intrusions, FBI officials also shared details about a typical Fox Kitten attack so that companies can deploy countermeasures and detection rules,” notes ZDNet.
