 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: Subgroup: DEV-0270, Nemesis Kitten| Names | DEV-0270 (Microsoft) Nemesis Kitten (CrowdStrike) DireFate (BAE Systems) | |
| Country |  Iran | |
| Motivation | Financial gain | |
| First seen | 2022 | |
| Description | A subgroup of Magic Hound, APT 35, Cobalt Illusion, Charming Kitten. (Microsoft) Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including widespread vulnerability scanning, on behalf of the government of Iran. However, judging from their geographic and sectoral targeting, which often lacked a strategic value for the regime, we assess with low confidence that some of DEV-0270’s ransomware attacks are a form of moonlighting for personal or company-specific revenue generation. | |
| Observed | ||
| Tools used | Impacket, WmiExec, Living off the Land. | |
| Information | <https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/> | |
Last change to this card: 01 January 2023
Download this actor card in PDF or JSON format
Previous: Magic Hound, APT 35, Cobalt Illusion, Charming Kitten
Next: Magic Kitten
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |