Names | Clever Kitten (CrowdStrike), Group 41 (Talos) | |
Country | Iran | |
Motivation | Information theft and espionage | |
First seen | 2013 | |
Description | (CrowdStrike) Clever Kitten primarily targets global companies with strategic importance to countries that are contrary to Iranian interests. Clever Kitten actors have a strong affinity for PHP server-side attacks to make access; this is relatively unique amongst targeted attackers who often favor targeting a specific individual at a specific organization using social engineering. Some attackers have moved to leveraging strategic web compromises. The reason for this is likely the availability of exploits against web browsers, which for a variety of reasons allows an attacker to bypass security features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR). | |
Observed | Sectors: Global companies with strategic importance to countries that are contrary to Iranian interests. | |
Tools used | Acunetix Web Vulnerability Scanner, RC SHELL. | |
Information | <https://www.crowdstrike.com/blog/whois-clever-kitten/> |
Last change to this card: 14 April 2020