Rocket Kitten

Rocket Kitten or the Rocket Kitten Group is a hacker group thought to be linked to the Iranian government. The threat actor group has targeted organizations and individuals in the Middle East, particularly Israel, Saudi Arabia and Iran, as well as the United States and Europe.


Origins

Cybersecurity firm FireEye first identified the group as Ajax Security Team, writing that the group appears to have been formed in 2010 by the hacker personas "Cair3x" and "HUrr!c4nE!". By 2012, the threat actor group turned their focus to Iran's political opponents. Their targeted attack campaigns, dubbed "Rocket Kitten", have been known since mid-2014. By 2013 or 2014, Rocket Kitten had shifted its focus to malware-based cyberespionage. Security firm Check Point describes Rocket Kitten as an "attacker group of Iranian origin." Rocket Kitten's code uses Persian language references. The group's targets are involved in defense, diplomacy, international affairs, security, policy research, human rights, and journalism. According to Check Point, the group has targeted Iranian dissidents, the Saudi royal family, Israeli nuclear scientists and NATO officials. Security researchers found that they carried out a "common pattern of spearphishing campaigns reflecting the interests and activities of the Iranian security apparatus." Other researchers determined that Rocket Kitten's attacks bore a similarity to those attributed to Iran's Revolutionary Guards. Intelligence officials from the Middle East and Europe linked Rocket Kitten to the Iranian military establishment. Rocket Kitten favours a Remote Access Trojan, and by 2015, researchers found it was using customised malware.


History


Operation Saffron Rose

Cybersecurity firm FireEye released a report in 2013 finding that Rocket Kitten had conducted several cyberespionage operations against United States defense industrial base companies. The report also detailed the targeting of Iranian citizens who use anti-censorship tools to bypass Iran's Internet filters.


Operation Woolen-Goldfish

Trend Micro identified the Operation Woolen-Goldfish campaign in a March 2015 paper. The campaign included improved spearphishing content.


Oyun

In November 2015, security errors by Rocket Kitten allowed the firm Check Point to gain password-less root access to "Oyun", the hackers' back-end database. They discovered an application that was able to generate personalized phishing pages and contained a list of over 1,842 individual targets. Among Rocket Kitten's spearphishing targets from June 2014 to June 2015, 18% were from Saudi Arabia, 17% were from the United States, 16% were from Iran, 8% were from the Netherlands, and 5% were from Israel. Analysts used credentials to access key logs of the group's victims and found that Rocket Kitten had apparently tested their malware on their own workstations and failed to erase the logs from the data files. Check Point identified an individual named Yaser Balaghi, going by Wool3n.H4t, as a ringleader of the operation.


Telegram hack

In August 2016, researchers identified Rocket Kitten as being behind a hack of Telegram, a cloud-based instant messaging service. The hackers exploited Telegram's reliance on SMS verification, compromising over a dozen accounts and stealing the user IDs and telephone numbers of 15 million Iranians who use the software. Opposition organizations and reformist political activists were among the victims.


External links


The Spy Kittens Are Back: Rocket Kitten 2 (Trend Micro)