Hacking Group “Rocket Kitten” Linked to Iranian Government

Securityweek.com reported on 2nd September, 2015 quoting a recent warning by security experts as "the Iran-based threat group called "Rocket Kitten" continues to target organisations and individuals mainly in the Middle East in spite of the fact that security researchers have exposed its activities."

ClearSky and Trend Micro jointly revealed in a recently released report that the group's activities have increased over the past months. ClearSky has identified a total 550 targets out of which most are located in the Middle East. However, researchers observed that the group seems to be presently aiming on individuals rather than organisations.

Two attacks defined in detail in the report have attacked a researcher of ClearSky and an Iranian lecturer.

Dr. Thamar E. Gindin, an Israeli expert on linguistics and pre-Islamic Iranian culture was one of the latest victims of confirmed attacks who then helped researchers of ClearSky in preparing a thorough picture of modus operandi of attackers.

They tried to hijack her accounts and devices in many ways: spear phishing emails from faked email accounts resembled those of known individuals or organisations, phishing phone calls, demands to open documents enclosed in emails (actually malware), join forums (link was to tainted website), messages through Facebook from fake accounts, tries to hijack her contacts of accounts in trying to set a link with her and so on.

These social engineering and spear phishing campaigns were feebly executed very often but attackers of Rocket Kitten can not be blamed for persistency: Dr. Gindin was assaulted with these different attempts relentlessly and the attacks sustained even after ClearSky published a paper on them (the Thamar Reservoir paper).

Another identical attack has being targeting a Threat Researcher who had been called by the attackers through a phony Facebook account.

Softpedia.com published a report on 4th September, 2015 quoting a research paper as "These facts suggest that Rocket Kitten may engage some sort of foreign political campaign and would like to find regime-opponents active in driving policy in various ways. There are state actors in the region who are interested in gaining access to the information which can be found in computers of people and their emails."

» SPAMfighter News - 9/17/2015