
Fox Kitten


Summary of Actor: Fox Kitten is an Iranian state-sponsored cyber espionage group known for its advanced persistent threat (APT) activities. The group primarily targets critical infrastructure sectors across various countries. Its operations often involve exploiting known vulnerabilities and strategic web compromises.

General Features: Fox Kitten is known for its sophisticated attack methods, including spear-phishing, custom malware, and exploitation of known vulnerabilities in enterprise VPNs and RDP servers. The group operates with a focus on long-term persistence and data exfiltration from high-value targets.

Related Other Groups: APT33, APT34, MuddyWater

Indicators of Attack (IoA):

  • Unauthorized RDP access
  • Unusual outbound traffic
  • Phishing emails targeting specific sectors
  • Use of VPN access for network infiltration

Recent Activities and Trends:

  • Latest Campaigns: The most recent campaigns have involved exploiting vulnerabilities in enterprise VPNs to infiltrate the networks of targeted organizations.
  • Emerging Trends: There has been a noticeable increase in the group's use of strategic web compromises and its focus on supply chain attacks, indicating a shift toward more complex and indirect methods of network infiltration.

...

Also Known As:

  • Cobalt Foxglove
  • Parisite
  • Fox Kitten
  • Pioneer Kitten
  • Rubidium

+2

Target Countries

  • Kuwait
  • Malaysia
  • France
  • Germany
  • Lebanon

+10

Target Sectors

  • Air Transportation
  • Manufacturing
  • Public Administration
  • Energy & Utilities
  • Chemical & Pharmaceutical Manufacturing

+6

Related CVEs

ATT&CK IDs:

  • T1190 - Exploit Public-Facing Application
  • T1572 - Protocol Tunneling
  • T1219 - Remote Access Software
  • T1133 - External Remote Services
  • T1562 - Impair Defenses

+13

Tactic                Id     Technique
Collection            T1056  Input Capture
Command And Control   T1071  Application Layer Protocol
Command And Control   T1572  Protocol Tunneling
Command And Control   T1219  Remote Access Software
Credential Access     T1056  Input Capture
Defense Evasion       T1562  Impair Defenses
Defense Evasion       T1078  Valid Accounts
Execution             T1053  Scheduled Task/Job
Execution             T1059  Command and Scripting Interpreter
Initial Access        T1133  External Remote Services
Initial Access        T1078  Valid Accounts
Initial Access        T1190  Exploit Public-Facing Application
Lateral Movement      T1021  Remote Services
Lateral Movement      T1210  Exploitation of Remote Services
Persistence           T1053  Scheduled Task/Job
Persistence           T1133  External Remote Services
Persistence           T1078  Valid Accounts
Persistence           T1136  Create Account
Persistence           T1505  Server Software Component
Persistence           T1098  Account Manipulation
Privilege Escalation  T1053  Scheduled Task/Job
Privilege Escalation  T1078  Valid Accounts
Privilege Escalation  T1098  Account Manipulation
Reconnaissance        T1596  Search Open Technical Databases