Rocket Kitten
Rocket Kitten or the Rocket Kitten Group is a hacker group thought to be linked to the Iranian government. The threat actor group has targeted a variety of organizations and individuals, particularly in the Middle East, with targets in Israel, Saudi Arabia, Iran, the United States, and the Netherlands.


Origins

Cybersecurity firm FireEye (now Trellix) first identified the group as the Ajax Security Team, writing that the group appears to have been formed in 2010 by the hacker personas "Cair3x" and "HUrr!c4nE!". By 2012, the threat actor group had turned its focus to Iran's political opponents, and by 2013 or 2014 it had shifted to malware-based cyberespionage. Its targeted attack campaigns, dubbed "Rocket Kitten", have been known since mid-2014. Security firm Check Point describes Rocket Kitten as an "attacker group of Iranian origin"; Rocket Kitten's code uses Persian-language references. The group's targets are involved in defense, diplomacy, international affairs, security, policy research, human rights, and journalism. According to Check Point, the group has targeted Iranian dissidents, the Saudi royal family (the House of Saud), Israeli nuclear scientists and NATO officials. Security researchers found that the group carried out a "common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus." Other researchers determined that Rocket Kitten's attacks bore a similarity to those attributed to Iran's Islamic Revolutionary Guard Corps (IRGC). Intelligence officials from the Middle East and Europe linked Rocket Kitten to the Iranian military establishment. Rocket Kitten favours remote access trojans, and by 2015 researchers found it was using customised malware.


History


Operation Saffron Rose

Cybersecurity firm FireEye released a report in May 2014, "Operation Saffron Rose", finding that the group (then tracked as the Ajax Security Team) had conducted several cyberespionage operations against United States defense industrial base companies. The report also detailed the targeting of Iranian citizens who use anti-censorship tools to bypass Iran's Internet filters.


Operation Woolen-Goldfish

Security firm Trend Micro identified the Operation Woolen-Goldfish campaign in a March 2015 paper. Compared with the group's earlier activity, the campaign used improved spearphishing content.


Oyun

In November 2015, security errors by Rocket Kitten allowed the firm Check Point to gain root access, without a password, to "Oyun", the hackers' back-end database. There they found an application that generated personalized phishing pages and held a list of 1,842 individual targets. Among Rocket Kitten's spearphishing targets from June 2014 to June 2015, 18% were in Saudi Arabia, 17% in the United States, 16% in Iran, 8% in the Netherlands, and 5% in Israel. Using credentials found on the server, analysts accessed the keylogger logs collected from the group's victims and found that Rocket Kitten had apparently tested its malware on its own workstations and failed to erase those entries from the log files. Check Point identified an individual named Yaser Balaghi, going by Wool3n.H4t, as a ringleader of the operation.


Telegram hack

In August 2016, researchers identified Rocket Kitten as being behind a compromise of accounts on Telegram, a cloud-based instant messaging service. The hackers exploited Telegram's reliance on SMS verification, compromising over a dozen accounts and obtaining the user IDs and telephone numbers of 15 million Iranians who use the software. Opposition organizations and reformist political activists were among the victims.


External links


The Spy Kittens Are Back: Rocket Kitten 2, Trend Micro.