Domestic Kitten APT

The Domestic Kitten APT, also known as APT-C-50, is an advanced persistent threat group that has been operational for years. The activities of this hacker collective exhibit signs that it is being state-sponsored by the Iranian government. Indeed, most of the targets that the Domestic Kitten APT has focused on have been Iranian dissidents or individuals who have been monitoring the hacker group.

 According to the data released by these researchers, Domestic Kitten began its activity in 2017 and has multiple ongoing attack campaigns currently. So far the group has targeted over 1200 individuals of interest and has managed to achieve around 600 successful infections. The profile of the victims includes dissidents, journalists, rights activists, the Kurdish minority in Iran and more. The targeted individuals are spread across 12 different countries, among which are Turkey, the US, the UK, Iran, Pakistan and Afganistan. 

 The latest operations carried out by the Domestic Kitten APT deploy surveillance and data-harvesting malware named FurBall Malware. The initial delivery of the threatening tool is achieved through several different vectors. The hackers have incorporated an Iranian blog site, Telegram channels, and even SMS containing links to the malware as part of their attack chain. FurBall itself attempts to remain hidden by pretending to be a legitimate application. It has been observed to pose as 'VIPRE Mobile Security,' which is a fake mobile application, but among its disguises are also legitimate game and wallpaper applications such as Exotic Flowers and Iranian Woman Ninja. The FurBall Malware has been detected pretending to be the application for a real restaurant located in Tehran. 

 The Domestic Kitten APT is a threat actor that has established itself as part of the cyberwarfare arena. Organizations should take precautions against the operations of the group by studying the available IoC (Indicators of Compromise) and bolstering their defenses.