U.S. & Israeli Security Firm Unveils Identity of Iranian Cyber Espionage Group Rocket Kitten

The American and Israeli security firm Check Point has published a 38-page report identifying specific details about the alleged Iranian cyber espionage group Rocket Kitten.

According to the report, the Iranian hackers try to infect their victims through aggressive malware attacks and through phishing and spear-phishing emails. The cyber espionage group used internet infrastructure in the U.K., Germany and the Netherlands to host command-and-control servers operated from Iran.

The attackers were not satisfied with political and security goals, and took advantage of the situation to attack businesses, holding companies and financial institutions in order to steal commercial and financial information.

Check Point press release:

SAN CARLOS, CA — Mon, 09 Nov 2015
Check Point Software Technologies Ltd. (NASDAQ: CHKP), the largest pure-play security vendor globally, today published a 38-page report identifying specific details and broad analysis on cyber-espionage activity conducted by the group ‘Rocket Kitten,’ with possible ties to Iranian Revolutionary Guard Corps. The new report also reveals details of the group’s global operations and unique insight into more than 1,600 of their targets.

Led by researchers in Check Point’s Threat Intelligence and Research Area, the never-before-published data paints a picture of strategic malware attacks supported by persistent spear phishing campaigns. The details show Rocket Kitten actively targeted individuals and organizations in the Middle East, as well as across Europe and in the United States, documenting specifics such as:

Business and government sectors across Saudi Arabia, including news agencies and journalists; academic institutions and scholars; human rights activists; military generals; and members of the Saudi royal family.
Embassies, diplomats, military attachés and ‘persons of interest’ across Afghanistan, Turkey, Qatar, United Arab Emirates, Iraq, Kuwait and Yemen, as well as NATO commands in the region.
Dozens of Iran researchers, as well as European Union Iran research groups, specifically in the fields of foreign policy, national security and nuclear energy.
Venezuelan trade and finance targets.
Former Iranian citizens of various influential positions.
Islamic and anti-Islamic preachers and groups; famous columnists and cartoonists; TV show hosts; political parties; and government officials.

Researchers were also able to trace and unmask the true identity of an aliased attacker, identified as “Wool3n.H4T,” as one of the prominent figures behind this campaign. Further, based on the nature of the attacks and associated repercussions, the report suggests Rocket Kitten’s motives were aligned with nation-state intelligence interests, aimed at extracting sensitive information from their targets.

“This research provides a rare look at the nature and global targets of a global cyber espionage group,” said Shahar Tal, Research Group Manager, Check Point. “While Check Point customers are protected against all known variants of these threats by Rocket Kitten, it is our hope fellow security vendors and malware research professionals take the proper precautions and deploy relevant protections.”

For more information, the full report ‘Rocket Kitten: A Campaign with 9 Lives’ can be found here: http://blog.checkpoint.com/2015/11/09/rocket-kitten-a-campaign-with-9-lives.

By Mohammad Rafati