– Fox Kitten is an Iran-based threat actor that has been conducting cyberespionage since 2017, targeting organizations in the US, Israel, and other countries.
– They are associated with the Iranian government and steal technical data from targets like schools, governments, financial institutions, and healthcare facilities.
– In addition to espionage, Fox Kitten sells access to compromised networks on underground forums for profit.
– They have recently started collaborating with ransomware groups like NoEscape, RansomHouse, and ALPHV/BlackCat.
– Fox Kitten obtains access to networks and then provides full access to the ransomware affiliates in exchange for a cut of the ransom payments.
– The advisory warns they work closely with the ransomware groups to strategize ransom attacks, though they remain vague about their origin when communicating.
– This joint operation shows Fox Kitten expanding beyond just espionage into ransomware facilitation, posing an increased threat to US and other foreign organizations.
Source: Tech Republic