Friday, July 23, 2021

The Domestic Kitten hacking group is a threat to opponents of the Iranian regime


Investigators have revealed the internal functioning of the Domestic Kitten team’s surveillance operations.

Domestic Kitten, also tracked as APT-C-50, is an advanced persistent threat (APT) group. First discovered in 2018, the APT has ties to the Iranian government and is linked to domestic surveillance of targets “which could be detrimental to the stability of the Iranian state,” according to Check Point.

Targeted people could include anti-government activists, human rights activists, journalists and lawyers.

In a blog post on Monday, a team of Check Point researchers said Domestic Kitten had been active over the past four years, launching at least ten different campaigns and targeting at least 1,200 people.

So far, four active campaigns have been identified, the most recent of which appears to have begun in November and is still ongoing. Domestic Kitten victims are found worldwide, in countries including Iran, the US, Pakistan and Turkey.

The APT uses mobile malware called FurBall. The malware is based on commercially available software called KidLogger, and according to the researchers, “it looks like the developers found the source code for KidLogger, or simply retrieved the sample and removed all the external components, adding more capabilities.”

FurBall is still distributed through various vectors, including phishing scams, Iranian websites, Telegram channels, and SMS messages containing a link to the malware.

The malware uses multiple disguises to trick the victim into installing it, such as posing as a mobile security app like “VIPRE”, pretending to be a news app, or masquerading as a repackaged mobile game available on Google Play, as well as in-app stores, restaurant apps, and wallpaper apps.

Once installed on a targeted device, FurBall can collect SMS messages, capture call logs, collect device details, record contacts, steal media and saved files, monitor the device's GPS coordinates and therefore track the victim's movements, and more.

Once the information has been collected from the compromised device, it is sent to the command and control (C2) servers used by Domestic Kitten since 2018. The associated IP addresses are located in Iran, in Tehran and Karaj.

On Monday, researchers at Check Point, along with SafeBreach, also unveiled the activities of a second threat group targeting opponents of the Iranian regime – but instead of focusing on their smartphones, it puts their PCs at risk.

Dubbed Infy, the APT – known to have been around since 2007 and allegedly sponsored by the government – has revived its efforts with previously unseen malware, major upgrades to the Infy malware, and the restoration of its previous C2 infrastructure.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
