Fox Kitten

Threat Actor Profile Updated 13 days ago
Download STIX
Preview STIX
Fox Kitten, an Iranian-backed threat actor group, has been identified as a significant cybersecurity risk by security researchers. The group's primary method of initial access is through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Their sophisticated techniques have been detailed in a report titled "Fox Kitten Campaign Widespread Iranian Espionage-Offensive Campaign" by Clearsky Cybersecurity in February 2020. Fox Kitten, also known as the Parisite group, is part of a larger category of advanced persistent threat (APT) groups which include Sandworm, APT32, and APT33. In August 2020, the FBI reported that elite hackers for the Iranian government, specifically identifying the Fox Kitten or Parisite group, were detected launching cyber attacks against the US private sector and government entities. This information was shared via a public warning on the FBI's official website. The group's activities highlight the increasing cybersecurity threats posed by state-sponsored actors, particularly those with the resources and motivation to carry out extensive, long-term campaigns. The activities of Fox Kitten underscore the importance of robust cybersecurity measures, especially for organizations using VPN devices from the targeted manufacturers. These organizations are urged to ensure they have the latest security patches installed and follow best practices for network security. Alongside ransomware groups like REvil and Sodinokibi, Fox Kitten had exploited 26 flaws, indicating a high level of technical proficiency and persistence in their offensive operations.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Fox Kitten Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
4 months ago
Infographic: A History of Network Device Threats and What Lies Ahead | #ransomware | #cybercrime | National Cyber Security Consulting
CSO Online
a year ago
Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy
DARKReading
a month ago
Cisco Warns of Massive Surge in Password Spraying Attacks on VPNs
CERT-EU
4 months ago
Infographic: A History of Network Device Threats and What Lies Ahead