Iranian Hackers Target Israeli Companies With Pay2Key Ransomware

Attacks conducted by Iranian hackers against Israeli companies involved the deployment of ransomware and theft of information, threat intelligence company ClearSky reported last week.


Observed in November and December 2020 and collectively referred to as operation Pay2Key, the attacks appear to be the work of Iranian state-sponsored threat actor Fox Kitten.


Also referred to as Parisite and PIONEER KITTEN, the activity associated with Fox Kitten is said to represent a collaboration between two known state-sponsored Iranian groups, namely APT33 (Elfin, Magnallium, Holmium, and Refined Kitten) and APT34 (OilRig, Greenbug).


Known for the use of various open-source and self-developed offensive tools, the adversary was observed targeting enterprise VPNs for intrusion, as well as F5 Networks’ BIG-IP application delivery controller (ADC).


A new series of attacks targeting industrial, insurance and logistics companies in Israel appears to be the work of Fox Kitten, ClearSky noted in a new report. In November and December 2020, the threat actor targeted dozens of Israeli companies in attacks that involved the deployment of ransomware to encrypt servers and workstations.


In addition to the potentially misleading ransomware attacks, the adversary was observed performing “supply chain attacks,” where they leverage accessibility or information obtained from previously breached organizations.


“We believe that this campaign is part of the ongoing cyber confrontation between Israel and Iran, with the most recent wave of attacks ..
