Fox Kitten

Rank: 598

Summary of Actor: Fox Kitten is an Iranian state-sponsored advanced persistent threat (APT) group engaged in cyber espionage. It primarily targets critical infrastructure sectors across a number of countries, and its operations typically begin with exploitation of known vulnerabilities in internet-facing systems or with strategic web compromises.

General Features: Fox Kitten's tradecraft combines spear-phishing, custom malware, and exploitation of known vulnerabilities in enterprise VPN appliances and internet-exposed RDP servers. Operations emphasise long-term persistence in victim networks and exfiltration of data from high-value targets. The malware associated with the group on this page is ransomware (Noberus/ALPHV/BlackCat, NoEscape, RansomHouse) and T1486 Data Encrypted for Impact appears in its technique list, so the impact on victims is not limited to espionage.

Related Other Groups: APT33, APT34, MuddyWater

Indicators of Attack (IoA):

  • Unauthorized RDP access, in particular RDP logons originating from addresses outside the organisation's own ranges
  • Unusual outbound traffic, such as long-lived sessions to a single external host consistent with protocol tunneling (T1572)
  • Phishing emails targeting specific sectors
  • Use of VPN access for network infiltration, including logons through VPN appliances with known, unpatched vulnerabilities
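The first and last indicators above are host-observable: an RDP logon from an external address, followed on the same host by account creation (T1136) and scheduled-task persistence (T1053), both of which appear in the technique list further down this page. The following correlation rule is an added example, not tooling from the profile or from any vendor; the log lines are constructed, the key=value format is assumed, and the 60-minute window and the RFC 1918 address list are tunable assumptions.

```python
"""Correlate Windows Security events for the RDP -> new account -> scheduled
task chain that the IoA list describes.  Added example with constructed data;
not taken from the profile or from any vendor tooling."""
import ipaddress
from datetime import datetime, timedelta

# Constructed sample, one key=value event per line.  Event IDs are the standard
# Security-log IDs: 4624 successful logon (logon_type 10 = RemoteInteractive,
# i.e. RDP), 4720 user account created, 4698 scheduled task created.
SAMPLE_LOG = """\
2024-05-01T02:15:02Z host=FS01 event=4624 logon_type=10 user=j.doe src=203.0.113.45
2024-05-01T02:16:30Z host=FS01 event=4720 user=j.doe target_user=svc_update
2024-05-01T02:17:11Z host=FS01 event=4698 user=svc_update task=\\Microsoft\\Windows\\UpdateCheck
2024-05-01T09:05:10Z host=FS01 event=4624 logon_type=10 user=admin src=10.0.8.21
2024-05-01T09:06:00Z host=FS01 event=4720 user=admin target_user=contractor1
2024-05-01T09:20:00Z host=WS07 event=4624 logon_type=2 user=a.smith src=127.0.0.1
"""

# RFC 1918 plus loopback (assumed "internal").  Extend with the VPN client pool
# if VPN users are expected to RDP in.  ipaddress.is_private is deliberately not
# used: it also classifies documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
WINDOW = timedelta(minutes=60)   # follow-on events are correlated this long after an external RDP logon


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse(log: str) -> list[dict]:
    """Turn the key=value lines into dicts with a parsed 'ts' field."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def detect(log: str) -> list[dict]:
    """Return findings tagged with the ATT&CK technique each event maps to."""
    findings = []
    last_external_rdp = {}      # host -> time of the most recent external RDP logon
    new_accounts = {}           # host -> accounts created inside the window
    for ev in sorted(parse(log), key=lambda e: e["ts"]):
        host = ev["host"]
        since_rdp = (ev["ts"] - last_external_rdp[host]) if host in last_external_rdp else None
        in_window = since_rdp is not None and since_rdp <= WINDOW
        if ev["event"] == "4624" and ev.get("logon_type") == "10" and not is_internal(ev["src"]):
            last_external_rdp[host] = ev["ts"]
            findings.append({"technique": "T1133", "host": host, "ts": ev["ts"],
                             "detail": f"RDP logon for {ev['user']} from external address {ev['src']}"})
        elif ev["event"] == "4720" and in_window:
            new_accounts.setdefault(host, set()).add(ev["target_user"])
            findings.append({"technique": "T1136", "host": host, "ts": ev["ts"],
                             "detail": f"{ev['user']} created account {ev['target_user']} "
                                       f"{int(since_rdp.total_seconds())}s after external RDP logon"})
        elif ev["event"] == "4698" and (in_window or ev["user"] in new_accounts.get(host, set())):
            findings.append({"technique": "T1053", "host": host, "ts": ev["ts"],
                             "detail": f"scheduled task {ev['task']} created by {ev['user']}"})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['ts']:%Y-%m-%d %H:%M} {f['host']} {f['technique']} {f['detail']}")
```

On the constructed sample only the 02:15 chain on FS01 fires: the 09:05 RDP logon comes from an internal address, so the account created a minute later is not correlated, which is the intended behaviour of tying the account and task rules to a preceding external logon rather than alerting on every 4720 or 4698.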

Recent Activities and Trends:

  • Latest Campaigns : The most recent campaigns have gained initial access by exploiting vulnerabilities in enterprise VPN appliances at targeted organisations.
  • Emerging Trends : The group is making noticeably greater use of strategic web compromises and of supply chain attacks, a shift towards more indirect routes into victim networks.

...

Also Known As:

Parisite

Rubidium

Pioneer Kitten

Lemon Sandstorm

Cobalt Foxglove

(and 2 more)

Target Countries

Malaysia

Germany

Israel

Australia

Austria

(and 10 more)


Target Sectors

Air Transportation

Manufacturing

Public Administration

Energy & Utilities

Chemical & Pharmaceutical Manufacturing

(and 6 more)


Associated Malware/Software

Noberus / ALPHV / BlackCat (S1068)

NoEscape

RansomHouse


Related CVEs: none listed

ATT&CK IDs:

T1083 - File and Directory Discovery

T1486 - Data Encrypted for Impact

T1190 - Exploit Public-Facing Application

T1059 - Command and Scripting Interpreter

T1056 - Input Capture

(and 20 more; the full mapping is listed by tactic below)

Tactic                 Id     Technique
Collection             T1056  Input Capture
Command And Control    T1572  Protocol Tunneling
Command And Control    T1071  Application Layer Protocol
Command And Control    T1105  Ingress Tool Transfer
Command And Control    T1219  Remote Access Tools
Credential Access      T1056  Input Capture
Defense Evasion        T1078  Valid Accounts
Defense Evasion        T1140  Deobfuscate/Decode Files or Information
Defense Evasion        T1562  Impair Defenses
Discovery              T1082  System Information Discovery
Discovery              T1012  Query Registry
Discovery              T1482  Domain Trust Discovery
Discovery              T1083  File and Directory Discovery
Execution              T1059  Command and Scripting Interpreter
Execution              T1053  Scheduled Task/Job
Impact                 T1486  Data Encrypted for Impact
Initial Access         T1133  External Remote Services
Initial Access         T1190  Exploit Public-Facing Application
Initial Access         T1078  Valid Accounts
Lateral Movement       T1210  Exploitation of Remote Services
Lateral Movement       T1021  Remote Services
Persistence            T1133  External Remote Services
Persistence            T1136  Create Account
Persistence            T1098  Account Manipulation
Persistence            T1505  Server Software Component
Persistence            T1078  Valid Accounts
Persistence            T1053  Scheduled Task/Job
Privilege Escalation   T1098  Account Manipulation
Privilege Escalation   T1078  Valid Accounts
Privilege Escalation   T1053  Scheduled Task/Job
Reconnaissance         T1596  Search Open Technical Databases