 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: Flying Kitten, Ajax Security Team| Names | Flying Kitten (CrowdStrike) Ajax Security Team (FireEye) Group 26 (Talos) | |
| Country |  Iran | |
| Sponsor | State-sponsored | |
| Motivation | Information theft and espionage | |
| First seen | 2010 | |
| Description | (FireEye) Members of this group have accounts on popular Iranian hacker forums such as ashiyane[.]org and shabgard[.]org, and they have engaged in website defacements under the group name “AjaxTM” since 2010. By 2014, the Ajax Security Team had transitioned from performing defacements (their last defacement was in December 2013) to malware-based espionage, using a methodology consistent with other advanced persistent threat actors in this region. (Crowdstrike) CrowdStrike Intelligence has also been tracking and reporting internally on this threat group since mid-January 2014 under the name FLYING KITTEN, and since that time has seen targeting of multiple U.S.-based defense contractors as well as political dissidents. | |
| Observed | Sectors: Defense and dissidents. Countries: USA. | |
| Tools used | Stealer. | |
| Operations performed | 2013 | Operation “Saffron Rose” <https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-operation-saffron-rose.pdf> |
| Information | <https://www.crowdstrike.com/blog/cat-scratch-fever-crowdstrike-tracks-newly-reported-iranian-actor-flying-kitten/> | |
| MITRE ATT&CK | <https://attack.mitre.org/groups/G0130/> | |
Last change to this card: 30 December 2022
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |