Researchers at the Israeli cyber-security firm ClearSky have detailed widespread hacking activity by alleged Iranian groups, exploiting known security vulnerabilities in a large number of VPN servers from companies like Pulse Secure, Palo Alto Networks, Fortinet and Citrix. According to the report, the hackers planted backdoors and succeeded in gaining access to the networks of numerous organizations around the world.
Believed to have been originally spotted by the industrial cyber-security firm Dragos during the last quarter of 2019, the widespread Iranian offensive has been named the ‘Fox Kitten Campaign’, and is said to have been operational for at least the past three years. “This campaign is being conducted in the last three years against dozens of companies and organizations in Israel and around the world”, the researchers said in an official blog post on Sunday.
“Through the campaign, the attackers succeeded in gaining access and persistent foothold in the networks of numerous companies and organizations from the IT, telecommunication, oil and gas, aviation, government and security sectors around the world”, they added. They further claimed that this may be among the most “continuous and comprehensive (cyber-attack) campaigns” launched by Iran up until now.
The report goes on to claim that, apart from malware, the Fox Kitten campaign uses an entire infrastructure dedicated to ensuring a long-lasting capability to control and fully access its targets. The researchers also said that they believe with ‘medium-high’ probability that the campaign’s infrastructure bears striking similarities to the activities of an Iranian hacking group called APT34-OilRig.
You can read more details about the Fox Kitten hacking campaign on the official ClearSky blog.