Iranian Hackers Advertise on Dark Web

A suspected Iranian state-backed group appears to have been moonlighting to drive additional income, according to a new report from CrowdStrike. The security vendor claimed that the newly discovered Pioneer Kitten has been active since at least 2017 and is mainly focused on stealing intelligence which would be strategically useful to Tehran.

However, it is more likely to be a contractor than directly government employed, according to CrowdStrike senior intelligence analyst, Alex Orleans. This is because there’s evidence that the group has recently been advertising its wares on underground forums, in particular, access to compromised networks.

“That activity is suggestive of a potential attempt at revenue stream diversification on the part of Pioneer Kitten, alongside its targeted intrusions in support of the Iranian government,” Orleans argued. As such, it usually targets healthcare, government, technology and defense firms.

The group itself is said to favor exploits of remote, internet-connected external services and open source tooling.

“The adversary is particularly interested in exploits related to VPNs and network appliances, including CVE-2019-11510, CVE-2019-19781, and most recently CVE-2020-5902; reliance on exploits such as these lends to an opportunistic operational model,” Orleans continued.

“Pioneer Kitten’s namesake operational characteristic is its reliance on SSH tunnelling, through open-source tools such as Ngrok and the adversary’s custom tool SSHMinion, for communication with implants and hands-on-keyboard activity via Remote Desktop Protocol (RDP).”

Some of the listed CVEs exploited by the group tie to bugs in products from Pulse Secure and Citrix which were widely exploited earlier this year, notably in ransomware attacks.

Pioneer Kitten’s targets so far have been located mainly in North America and Israel, according to CrowdStrike. The group is also known by the monikers “Parasite,” “UNC757,” and “Fox Kitten.”
