During the past four months a wave of cyber-attacks has been targeting Israeli companies. The attacks are conducted by different means and target a range of sectors. We estimate with medium to high confidence that Pay2Key is a new operation conducted by Fox Kitten, an Iranian APT group that began a new wave of attacks […]
Read MoreOperation Quicksand
During September 2020, we identified a new campaign targeting many prominent Israeli organizations. The campaign was attributed to the Iranian threat actor ‘MuddyWater’ (also known as TEMP.Zagros, Static Kitten and Seedworm). MuddyWater was previously exposed as a contractor for the IRGC (Islamic Republic Guard Corps). ClearSky and Profero comprehensively researched this campaign. During the campaign, […]
Read MoreThe Kittens Are Back in Town 3
During 2017-2019, Clearsky had published several reports about the Iranian APT group “Charming Kitten”. One of the group’s most common attack vectors is impersonating journalists, particularly those from the German “Deutsche Welle” broadcasting company and the “Jewish Journal” magazine. Starting July 2020, we have identified a new TTP of the group, impersonating “Deutsche Welle” and […]
Read MoreFox Kitten – Widespread Iranian Espionage-Offensive Campaign
During the last quarter of 2019, ClearSky research team has uncovered a widespread Iranian offensive campaign which we call “Fox Kitten Campaign”; this campaign is being conducted in the last three years against dozens of companies and organizations in Israel and around the world. Read the full Report: Fox Kitten – Widespread Iranian Espionage-Offensive Campaign […]
Read MorePowDesk: PowerShell Script for LANDesk Management Agent Hosts
PowDesk is a simple PowerShell-based script for hosts that run LANDesk Management Agent. This script is compatible with both 32-bit and 64-bit systems and exfiltrates the computer’s name through a PHP page stored at a certain domain name. After analyzing the script behavior, we assess that potential attackers might create a whitelist of companies that […]
Read MoreThe Kittens Are Back in Town 2 – Charming Kitten Campaign Keeps Going on, Using New Impersonation Methods
On the 15th of September 2019, we have published a report[1] about a sharp increase in Charming Kitten attacks against researchers from the US, Middle East, and France, focusing on Iranian academic researchers, Iranian dissidents in the US. In our last report, we exposed a new cyber espionage campaign that was conducted in July 2019. […]
Read MoreThe Kittens Are Back in Town Charming Kitten – Campaign Against Academic Researchers
In 2019 ClearSky Cyber Security observed a sharp increase in Charming Kitten attacks, after an absence of a few months and after 2019 Microsoft official complaint against the group for “establishing an internet-based cybertheft operation referred to as ‘Phosphorus’“. Read the full report: The Kittens Are Back in Town Charming Kitten – Campaign Against Academic […]
Read More