Advanced Persistent Threat (APT) groups known as the Kittens focus on espionage and primarily attack Middle Eastern nations, using phishing lures disguised as job postings. This article surveys the individual Kitten groups, their tools and targets, and the vulnerabilities associated with them. Affected: Cybersecurity, Middle Eastern nations, Organizations
Keypoints:
- Kittens APTs are advanced persistent threats targeting various organizations.
- They primarily focus on espionage activities against Middle Eastern countries.
- Phishing lures often take the form of job postings.
- A comprehensive study identifies aliases, tools, and vulnerabilities associated with each Kittens APT group.
- Notable Kittens APTs discussed include Refined Kitten, Static Kitten, Charming Kitten, Helix Kitten, Pioneer Kitten, Remix Kitten, Clever Kitten, and Rampant Kitten.
MITRE Techniques:
- Refined Kitten (APT33) – Uses tools like PoshC2, Koadic, and PowerShell Empire for C2 infrastructure and access.
- Static Kitten (MuddyWater) – Employs NTSTATS and ScreenConnect for information gathering and remote access.
- Charming Kitten (APT35) – Utilizes CharmPower and BellaCiao malware for credential access and data theft.
- Helix Kitten (APT34) – Attacks with Quadagent and OopsIE for cyber-espionage activities.
- Pioneer Kitten – Leverages Ngrok and SSHMinion to exploit vulnerabilities in systems.
- Remix Kitten (APT39) – Utilizes ASPXSpy to enhance unauthorized access and data collection.
- Clever Kitten – Uses Acunetix WVS for vulnerability scanning on web applications.
- Rampant Kitten – Targets secure messaging apps and password managers with Dharma.
Indicators of Compromise:
- [Domain] blog.polyswarm.io
- [CVE] CVE-2018-20250
- [CVE] CVE-2017-0199
- [CVE] CVE-2017-11882
- [CVE] CVE-2019-11510
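Indicator lists like the one above are only useful once they are machine-readable, and feed extraction routinely mangles them: in the original feed the second hyphen of every CVE ID above arrived as a Unicode en dash, so a naive `grep` for `CVE-2017-11882` would never match. The following is an added example (not code from the article or from any of the groups it describes) that parses the `- [Type] value` line format used here, folds dash-like code points to ASCII, validates each indicator by type, and matches the resulting CVE set against scanner findings. The indicator lines are copied from the page with the en-dash defect reproduced; the scanner findings are constructed, and the line format and normalisation rule are assumptions about this feed rather than anything the article specifies. Whether a given indicator is actionable (a reporting source's own domain, for instance, often appears in such lists next to genuine indicators) remains an analyst decision that the parser does not make.

```python
"""Parse, normalise and validate '- [Type] value' indicator lines, then
match the CVE indicators against vulnerability-scanner findings.

Added example for this page, not code from the original article. The
line format and the dash-folding rule are assumptions based on how the
indicators appear in the summary; SCAN_FINDINGS is constructed data.
"""
import re
import unicodedata
from typing import Dict, List

# Indicator lines as they appeared in the feed: extraction turned the
# second hyphen of each CVE ID into an en dash (U+2013).
IOC_TEXT = """\
- [Domain] blog.polyswarm.io
- [CVE] CVE-2018\u201320250
- [CVE] CVE-2017\u20130199
- [CVE] CVE-2017\u201311882
- [CVE] CVE-2019\u201311510
"""

# Constructed scanner output, not real findings. The first line carries
# the same en-dash defect so the matcher has to normalise both sides.
SCAN_FINDINGS = [
    "host=fileserver01 plugin=Office RCE id=CVE-2017\u201311882 severity=high",
    "host=vpn-gw01 plugin=Pulse Secure id=CVE-2019-11510 severity=critical",
    "host=web01 plugin=TLS weak cipher id=CVE-2016-2183 severity=medium",
]

# Dash-like code points produced by word processors, PDFs and RSS feeds;
# all are folded to the ASCII hyphen before validation or matching.
DASHES = dict.fromkeys(map(ord, "\u2010\u2011\u2012\u2013\u2014\u2212"), "-")

IOC_LINE = re.compile(r"^\s*-\s*\[(?P<kind>\w+)\]\s*(?P<value>\S+)\s*$")
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def normalise(value: str) -> str:
    """Fold compatibility characters and dash variants, trim whitespace
    and a trailing full stop (common when an indicator ends a sentence)."""
    value = unicodedata.normalize("NFKC", value)
    return value.translate(DASHES).strip().rstrip(".")


def parse_iocs(text: str) -> Dict[str, List[str]]:
    """Return {'cve': [...], 'domain': [...], 'invalid': [...]}.

    Values are normalised, validated against the syntax of their declared
    type, de-duplicated and kept in first-seen order. Anything that fails
    validation or has an unknown type goes to 'invalid' for review rather
    than being silently dropped.
    """
    out: Dict[str, List[str]] = {"cve": [], "domain": [], "invalid": []}
    for line in text.splitlines():
        m = IOC_LINE.match(line)
        if not m:
            continue
        kind, value = m.group("kind").lower(), normalise(m.group("value"))
        if kind == "cve":
            value = value.upper()
            bucket = "cve" if CVE_ID.match(value) else "invalid"
        elif kind == "domain":
            value = value.lower()
            bucket = "domain" if DOMAIN.match(value) else "invalid"
        else:
            bucket = "invalid"
        if value not in out[bucket]:
            out[bucket].append(value)
    return out


def match_findings(iocs: Dict[str, List[str]], findings: List[str]) -> List[str]:
    """Return the findings that reference any CVE in the indicator set.

    Each finding line is normalised with the same rule as the indicators,
    so a finding written with an en dash still matches.
    """
    wanted = set(iocs["cve"])
    hits = []
    for line in findings:
        ids = set(re.findall(r"CVE-\d{4}-\d{4,}", normalise(line).upper()))
        if ids & wanted:
            hits.append(line)
    return hits


if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for kind, values in iocs.items():
        print(f"{kind}: {values}")
    for hit in match_findings(iocs, SCAN_FINDINGS):
        print("MATCH", hit)
```

The `invalid` bucket is deliberate: an indicator that fails validation after normalisation is more often a feed defect than an attacker artefact, and routing it to review instead of discarding it keeps the parser from quietly shrinking the indicator set.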
Full Story: https://medium.com/@cyberecht/the-kittens-apts-342b08f71bc6?source=rss——cybersecurity-5