ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Tracer Kitten

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Tracer Kitten

NamesTracer Kitten (CrowdStrike)
CountryIran Iran
MotivationInformation theft and espionage
First seen2020
Description(CrowdStrike) In April 2020, OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a telecommunications company in the Europe, Middle East and Africa (EMEA) region. The actor was found operating under valid user accounts, using custom backdoors in combination with SSH tunnels for C2. The adversary leveraged their foothold to conduct a variety of reconnaissance activities, undertake credential harvesting and prepare for data exfiltration.

Telecommunications is currently the third most frequently targeted vertical. This industry still remains firmly within the crosshairs for targeted attacks, the motivations of which are likely associated with espionage and data theft objectives.
ObservedSectors: Telecommunications.
Countries: Europe, Middle East and Africa.
Tools used

Last change to this card: 31 December 2022

Download this actor card in PDF or JSON format

Previous: Tortoiseshell, Imperial Kitten
Next: Transparent Tribe, APT 36

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]