Fox Kitten

Malware researchers have been keeping a close eye on a hacking campaign called Fox Kitten since 2017. Unlike most hacking operations, which target regular everyday users, the Fox Kitten campaign goes after high-profile targets. Keeping in mind the nature of the targets, it makes sense that the Fox Kitten campaign is carried out by experienced, highly skilled hacking groups. The hacking groups involved in the Fox Kitten campaign would go after targets from the IT sector, the aviation field, government institutions, the oil industry and others. Among the hacking groups that are suspected to be taking part in the Fox Kitten campaign are the notorious APT33 (Advanced Persistent Threat), APT34 (also known as OilRig) and APT39. All the APTs involved are believed to hail from Iran. It would appear that the attackers rely on vulnerable RDP (Remote Desktop Protocol) services and VPNs (Virtual Private Networks) mainly to compromise their targets.

Collects Sensitive Data

The attackers involved in the Fox Kitten campaign have one main goal – get long term access to the compromised systems. This would allow the cyber crooks to collect sensitive or even confidential information from their high-profile targets. It is not clear what the cybercriminals carrying out the Fox Kitten campaign are planning on doing with the collected data. The criminals behind this campaign also used networks they have control over to launch supply-chain attacks against other companies in the same sector.

May Wipe Out Important Files

Some of the cyber crooks that are involved in the Fox Kitten operation are known to have carried out disk-wiping campaigns in the past. This is bad news for the targets of the Fox Kitten campaign, as it may mean that the attackers may opt to wipe out the data present on the compromised systems, which would cause a lot of damage surely. Most of the hacking tools employed in the Fox Kitten operation are developed by the cybercriminals carrying out the attacks. However, there are instances where the cyber crooks involved in the Fox Kitten campaign have used legitimate applications like Plink, Ngrok and FRP. Most of the threats employed in the Fox Kitten operation are custom VBScript launchers, port mapping tools, and Trojan backdoors.

It is clear that the Fox Kitten campaign is not to be underestimated. The cybercriminals taking part in it are very experienced and have the skills to cause long-term damage to their targets.