The Fox Kitten threat group is creating ripples in the cyber world. The threat actors are actively attacking prominent US-based organizations. According to investigations by the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, the Fox Kitten group is sponsored by Iran to carry out these malicious cyberattacks against the USA.

Currently, the threat actors hold substantial access across different sectors such as defense, finance, education, and healthcare. After studying their activities closely, cybersecurity experts have concluded that the Fox Kitten group has been trying to monetize its access across these US-based industries.


However, this campaign is completely different from what Fox Kitten has been pursuing in Israel, the US, and Azerbaijan, where its cyberattacks aim to steal vital technical data from multiple organizations across those nations.


Getting into the details

The FBI and CISA are working closely on the Fox Kitten cyberattacks. They have warned that Fox Kitten's advances are an attempt to gain deeper access to victim networks in order to facilitate ransomware attacks in the near future. Danesh Novin Sahand, an Iranian company, is the prime suspect at the moment. Both the FBI and CISA believe that the Fox Kitten threat group operates and carries out its day-to-day cyber activities under the cover of Danesh Novin Sahand.

Different cybersecurity groups have been tracking Fox Kitten's activities and labeling the threat group with different names, such as UNC757, Pioneer Kitten, Rubidium, Lemon Sandstorm, and Parisite.


CrowdStrike believes that Fox Kitten started operating in 2017. In 2020, it grabbed attention when CrowdStrike noticed Fox Kitten's attempts to sell compromised networks on underground forums. At that time, it was not clear whether Iran was involved in this activity.

Then, in 2021, Microsoft pinpointed Fox Kitten as one of the leading state-backed cyber threat groups.

According to the findings of CISA and the FBI, Fox Kitten has joined hands with multiple ransomware operators, including Ransomhouse, NoEscape, and ALPHV. The core idea is for Fox Kitten to provide these ransomware operators with access to vulnerable or compromised networks in exchange for a percentage of the collected ransoms. In several instances, Fox Kitten has worked directly with ransomware affiliates to exploit victim networks and develop strategies for ransom extortion.


Ongoing threat campaigns against the USA

At present, the Fox Kitten threat group is focused on exploiting vulnerabilities in VPN devices. Once inside, the group's game plan is to collect login credentials, create rogue accounts, deploy web shells, load malware, and so on.


Certain organizations have not yet applied the right remedies to fix these vulnerabilities, and that is exactly why Fox Kitten can carry out its attack campaigns so conveniently.

It is the need of the hour for organizations worldwide to start taking cybersecurity seriously. In view of the current situation, all US-based organizations must fix their network vulnerabilities and strengthen their phishing protection as soon as possible. Additionally, adding multiple layers of cybersecurity, backed by regular cybersecurity training sessions for employees, will be beneficial in the long run.