Iranian Hackers Attack Local Residents, Posing A Threat to The Current Regime

Specialists of the information security company Check Point spoke about the cyber operations carried out by the APT group Domestic Kitten. The group, also known as APT-C-50, was first discovered in 2018 and is believed to be linked to the Iranian government.

According to the researchers, Domestic Kitten attacks users in Iran and "could pose a threat to the stability of the regime" in the country. Among its victims are opponents of the current regime, human rights defenders and activists, journalists and lawyers.

Over the past four years, Domestic Kitten has carried out large-scale surveillance of users and conducted at least ten separate malware campaigns, and at least 1.2 thousand people were killed, according to a new publication by Check Point specialists.

Currently, experts have recorded four active campaigns, the most recent of which began in November last year. Its victims are users all over the world, including Iran, the USA, Pakistan and Turkey.

The group uses FurBall malware, which is based on the commercial monitoring tool KidLogger. According to experts, the authors of the malware "either received the KidLogger source code, or reverse-engineered its sample and removed all unnecessary details, and then added additional features."

FurBall spreads through several vectors, including phishing, websites, Telegram channels, and SMS messages with malicious links. To get the victim to install the malware, the group uses several tricks. For example, FurBall disguises itself as VIPRE's mobile antivirus solution, news agency apps, mobile games, app stores, restaurant apps, and desktop wallpaper.

Once installed on an attacked device, the malware can intercept SMS messages and call logs, collect data about the device, record conversations, steal media files, track the device's GPS coordinates, etc. FurBall transfers the collected information to C&C servers controlled by the group since 2018. The associated IP addresses are located in Iran.
