Fox Kitten

Threat Actor Profile Updated 3 months ago

Download STIX

Preview STIX

Fox Kitten, an Iranian-backed threat actor group, has been identified as a significant cybersecurity risk by security researchers. The group's primary method of initial access is through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Their sophisticated techniques have been detailed in a report titled "Fox Kitten Campaign Widespread Iranian Espionage-Offensive Campaign" by Clearsky Cybersecurity in February 2020. Fox Kitten, also known as the Parisite group, is part of a larger category of advanced persistent threat (APT) groups which include Sandworm, APT32, and APT33. In August 2020, the FBI reported that elite hackers for the Iranian government, specifically identifying the Fox Kitten or Parisite group, were detected launching cyber attacks against the US private sector and government entities. This information was shared via a public warning on the FBI's official website. The group's activities highlight the increasing cybersecurity threats posed by state-sponsored actors, particularly those with the resources and motivation to carry out extensive, long-term campaigns. The activities of Fox Kitten underscore the importance of robust cybersecurity measures, especially for organizations using VPN devices from the targeted manufacturers. These organizations are urged to ensure they have the latest security patches installed and follow best practices for network security. Alongside ransomware groups like REvil and Sodinokibi, Fox Kitten had exploited 26 flaws, indicating a high level of technical proficiency and persistence in their offensive operations.

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Parisite	1	Parisite, also known as Fox Kitten, Pioneer Kitten, or UNC757, is a threat actor believed to be associated with the Iranian government. This group has been operational since at least 2017, exhibiting activities targeting a broad geographic range including entities in the US, the Middle East, Europe,

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Apt

Exploit

Ransomware

Government

Vpn

Associated Malware

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
REvil	Unspecified	1	REvil is a notorious form of malware, specifically ransomware, that infiltrates systems to disrupt operations and steal data. The ransomware operates on a Ransomware as a Service (RaaS) model, which gained traction in 2020. In this model, REvil, like other first-stage malware such as Dridex and Goot

Associated Threat Actors

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
Sodinokibi	Unspecified	1	Sodinokibi, also known as REvil, is a significant threat actor first identified in April 2019. This ransomware family operates as a Ransomware-as-a-Service (RaaS) and has been responsible for one in three ransomware incidents responded to by IBM Security X-Force in 2020. The Sodinokibi ransomware st

Associated Vulnerabilities

To see the evidence that has resulted in this association, create a free account

ID	Type	Votes	Profile Description
No associations to display

Source Document References

Information about the Fox Kitten Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source	CreatedAt	Title
DARKReading	3 months ago	Cisco Warns of Massive Surge in Password Spraying Attacks on VPNs
CERT-EU	7 months ago	Infographic: A History of Network Device Threats and What Lies Ahead
CERT-EU	7 months ago	Infographic: A History of Network Device Threats and What Lies Ahead \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CSO Online	a year ago	Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy