Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US

– Fox Kitten is an Iran-based threat actor that has been conducting cyberespionage since 2017, targeting organizations in the US, Israel, and other countries.

– They are associated with the Iranian government and steal technical data from targets like schools, governments, financial institutions, and healthcare facilities.

– In addition to espionage, Fox Kitten sells access to compromised networks on underground forums for profit.

– They have recently started collaborating with ransomware groups like NoEscape, RansomHouse, and ALPHV/BlackCat.

– Fox Kitten obtains access to networks and then provides full access to the ransomware affiliates in exchange for a cut of the ransom payments.

– The advisory warns they work closely with the ransomware groups to strategize ransom attacks, though they remain vague about their origin when communicating.

– This joint operation shows Fox Kitten expanding beyond just espionage into ransomware facilitation, posing an increased threat to US and other foreign organizations.

Source: Tech Republic

Share the Post:

Related Posts