Capping off a busy week of charges and sanctions against Iranian hackers, a new research offers insight into what’s a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with an intention to pilfer sensitive information.
The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two different moving parts — one for Windows and the other for Android — using a wide arsenal of intrusion tools in the form of info stealers and backdoors designed to steal personal documents, passwords, Telegram messages, and two-factor authentication codes from SMS messages.
Calling the operation “Rampant Kitten,” cybersecurity firm Check Point Research said the suite of malware tools had been mainly used against Iranian minorities, anti-regime organizations, and resistance movements such as the Association of Families of Camp Ashraf and Liberty Residents (AFALR), Azerbaijan National Resistance Organization, and citizens of Balochistan.
Windows Info-Stealer Targets KeePass and Telegram
Per Check Point, the infection chain was first traced to a malware-laced Microsoft Word document (“The Regime Fears the Spread of…