Posted on September 3, 2020 at 4:29 PM
Pioneer Kitten is an Iranian-based hacker group specializing in hacking into large conglomerates’ private resources. The group is currently responsible for network access information from some companies whose data got compromised.
The infamous hacker group sells this information on private online forums. Pioneer Kitten was recently able to exploit some vulnerabilities found in the network equipment and VPN systems of certain companies to breach their corporate networks.
Who is Pioneer Kitten?
Pioneer Kitten is an Iranian-based hacker group that is backed by the government of Iran. They are officially known as an Advanced Persistent Threat (APT) group. The group also goes by the name of Parisite or Fox Kitten. The group officially began its hacking activities in 2017.
The group, however, work autonomously and is not being run by the government of Iran. But the government contracts the group as a means of providing support and financial backing.
It is one of the primary objectives of the group to gain and maintain access to organizations that may have any information relevant to the government of Iran.
Selling Access to Hacked Networks
As of recent, the hacker group proceeded to sell off the hacked information on secret channels online. Based on a CrowdStrike report, the group is currently engaged in the sales of network access of some of its corporate victims to increase their revenue.
This report suggests that since some of the data secretly obtained by the company is not relevant to Iran’s government, the group has decided to sell off these sets of data.
By the middle of 2020, an individual that was supposedly known to be connected with the hacker group got identified in advertising some data. He wanted to sell off some of the compromised information fraudulently obtained through a private forum on the internet.
Surprisingly, Pioneer Kitten has only be known to provide these types of network access information to other APT groups based in Iran. Some of these groups include Elfin, Magnallium, Oilrig, Helix Kitten, Shamoon, Remix Kitten, and Chafer. However, in July, the group began selling these types of data to hackers interested in private forums.
The method of attack
The hacker group employs an opportunistic attack method. They primarily breach the VPNs of enterprises by using open-coded tools and identified flaws in organizational network systems.
The group carries out its hacking activities by relying on flaws of remote external systems present in internet-enabled assets. This allows it to gain initial access to the information of its victims. The group depends on open-coded tools when carrying gout its hacking operations.
This attack method is frequently used by APT groups based in Iran to forcefully integrate a backdoor channel into the networking system of unsuspecting companies.
Over a few years, the hacker group exploited numerous flaws of networking systems and VPNs to further strike down at companies around the world. Some of these flaws are identified as:
- CVE-2018-13379 –VPN servers of Fortinet that runs on Fortis SSL VPN web portal
- CVE-2019-11510 – Pulse Secure VPN servers
- CVE-2019-1579 – Palo Alto Networks Global Protect VPN
- CVE-2020-5902 – F5 Networks BIG-IP load balancers
- CVE-2019-19781 – Citrix ADCs and network gateways
Some of the group’s targets
The group has a long list of targets which comprises of multinationals and governments. The countries frequently targeted by Pioneer Kitten are the US, the UAE, Saudi Arabia, Poland, Malaysia, Lebanon, Kuwait, Italy, Hungary, Finland, Austria, France, Australia, Germany, and Israel.
Furthermore, some of the group’s sectors include defense, healthcare, government, technology, engineering, media, retail, and insurance.
The group uses its controlled attack method to exploit healthcare, defense, and technology data from unsuspecting counties. Due to the possession of intelligence information relevant to Iran’s government, the group has considerably targeted both Israeli and North American enterprises.