Names | Tracer Kitten (CrowdStrike) | |
Country | Iran | |
Motivation | Information theft and espionage | |
First seen | 2020 | |
Description | (CrowdStrike) In April 2020, OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a telecommunications company in the Europe, Middle East and Africa (EMEA) region. The actor was found operating under valid user accounts, using custom backdoors in combination with SSH tunnels for C2. The adversary leveraged their foothold to conduct a variety of reconnaissance activities, undertake credential harvesting and prepare for data exfiltration. Telecommunications is currently the third most frequently targeted vertical. This industry still remains firmly within the crosshairs for targeted attacks, the motivations of which are likely associated with espionage and data theft objectives. | |
Observed | Sectors: Telecommunications. Countries: Europe, Middle East and Africa. | |
Tools used | ||
Information | <https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020OverWatchNowheretoHide.pdf> |
Last change to this card: 31 December 2022
Download this actor card in PDF or JSON format
Previous: Tortoiseshell, Imperial Kitten
Next: Transparent Tribe, APT 36
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |