An Iran-based group, Pioneer Kitten, is trying to monetize its intrusions by selling access to some of the networks it has hacked to other hackers.
Cybersecurity firm Crowdstrike reported that they had spotted one of Iran’s state-sponsored hacking groups selling access to compromised corporate networks on an underground hacking forum.
“PIONEER KITTEN tradecraft is characterized by a pronounced reliance on exploits of remote external services on internet-facing assets to achieve initial access to victims, as well as almost total reliance on open-source tooling during operations,” reported Crowdstrike.
Over the past few months the Iranian group has been breaking into VPN servers to plant backdoors in companies around the world, targeting Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs.
Pioneer Kitten
The hacking group is an Iran-based adversary, active since 2017. This adversary focuses on gaining and maintaining access to entities possessing sensitive information of likely intelligence interest to the Iranian government.
The codename Pioneer Kitten is an alternative designation for the group, also known as Fox Kitten or Parasite.
Pioneer Kitten exploits
The group is interested in exploits related to multiple vulnerabilities in VPNs and networking devices, including
- CVE-2018-13379 - Fortinet VPN servers running FortiOS
- CVE-2019-1579 - Palo Alto Networks “GlobalProtect” VPN servers
- CVE-2019-11510 - Pulse Secure “Connect” enterprise VPNs
- CVE-2019-19781 - Citrix “ADC” servers and Citrix Gateways
- CVE-2020-5902 - F5 Networks BIG-IP load balancers
“PIONEER KITTEN’s namesake operational characteristic is its reliance on SSH tunnelling, through open-source tools such as Ngrok and the adversary’s custom tool SSHMinion, for communication with implants and hands-on-keyboard activity via Remote Desktop Protocol (RDP),” reads the report published by Crowdstrike.
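Detection logic for the tunnelled-RDP pattern the report describes, added here as an example and not taken from Crowdstrike's report: it flags Windows logon events (ID 4624, logon type 10 = RemoteInteractive) whose source address is loopback, which is what an RDP session arriving through an SSH port forward on the host itself looks like, and DNS queries for ngrok relay domains. The key=value event format and the events themselves are constructed for this example, not a real log export.

```python
import re

# Constructed sample events (not from the article): one RDP logon arriving via
# loopback, one ordinary RDP logon from the LAN, one non-RDP loopback logon,
# and two DNS queries, one of them for an ngrok tunnel endpoint.
SAMPLE_EVENTS = [
    "EventID=4624 LogonType=10 TargetUserName=svc_admin IpAddress=127.0.0.1 IpPort=51234",
    "EventID=4624 LogonType=10 TargetUserName=jdoe IpAddress=10.20.30.40 IpPort=3389",
    "EventID=4624 LogonType=3 TargetUserName=backup IpAddress=::1 IpPort=445",
    "DNSQuery host=WS-17 qname=0.tcp.ngrok.io",
    "DNSQuery host=WS-18 qname=www.example.org",
]

LOOPBACK = {"127.0.0.1", "::1"}
RDP_LOGON_TYPE = "10"                        # Windows logon type 10 = RemoteInteractive (RDP)
TUNNEL_DOMAINS = ("ngrok.io", "ngrok.com")   # ngrok relay domains (assumed DNS log carries qname)

KV = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Turn one 'key=value key=value' event line into a dict."""
    return dict(KV.findall(line))


def find_tunneled_rdp(events):
    """Return users whose RDP logon (4624 / type 10) came from a loopback
    address, i.e. RDP that was delivered through a local port forward."""
    hits = []
    for line in events:
        f = parse(line)
        if (f.get("EventID") == "4624"
                and f.get("LogonType") == RDP_LOGON_TYPE
                and f.get("IpAddress") in LOOPBACK):
            hits.append(f["TargetUserName"])
    return hits


def find_tunnel_dns(events):
    """Return (host, qname) pairs for DNS lookups of known tunnel relay domains."""
    hits = []
    for line in events:
        if not line.startswith("DNSQuery"):
            continue
        f = parse(line)
        q = f.get("qname", "")
        if any(q == d or q.endswith("." + d) for d in TUNNEL_DOMAINS):
            hits.append((f.get("host"), q))
    return hits


if __name__ == "__main__":
    print("tunnelled RDP logons:", find_tunneled_rdp(SAMPLE_EVENTS))
    print("tunnel-domain lookups:", find_tunnel_dns(SAMPLE_EVENTS))
```

A loopback-sourced type-10 logon is a heuristic, not proof: local RDP test tools and some jump-host setups produce the same signature, so correlate with the owning process and the SSH session that opened the listener before acting on it.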
Pioneer Kitten Targets
The group has focused its attacks on entities in North America and Israel, targeting sectors including government, technology, aviation, healthcare, media, defense, consulting and professional services, academia, engineering, chemicals, manufacturing, insurance, financial services and retail.