Nemesis Kitten

Malware Profile Updated 3 months ago
Nemesis Kitten, also known as Lord Nemesis, is malware attributed to an Iran-nexus threat group closely aligned with the Iranian government. It emerged in late 2023 and quickly made its mark with a significant cyberattack on Rashim, a software company. The malware is known for exploiting misconfigurations and unpatched vulnerabilities in external-facing services, such as Microsoft Exchange and Log4j. As a subgroup of the Iranian threat actor Phosphorus (APT35), Nemesis Kitten is part of a larger landscape of adversaries including PANDAs (China-nexus), SILENT CHOLLIMA (North Korea-nexus), CARBON SPIDER, and PROPHET SPIDER. In 2022, Nemesis Kitten was linked to the IRGC-IO via personas by the anti-government group Lab Dookhtegan. Its tactics include ransoming organizations using built-in encryption software such as BitLocker full-disk encryption.

Four months after the initial breach of Rashim in 2023, Nemesis Kitten demonstrated its infiltration by sending a message from Rashim's internal Office365 infrastructure to the company's clients, colleagues, and partners announcing that it had "full access to Rashim's infrastructure." The Iran-based hacktivists associated with Nemesis Kitten further escalated their activities by uploading videos demonstrating how they were able to delete branches from Rashim's databases.

This incident underscores the advanced persistent threat (APT) nature of Nemesis Kitten and its capability to disrupt operations significantly, steal personal information, and hold data hostage for ransom. The emergence and activities of Nemesis Kitten highlight the importance of robust cybersecurity measures to prevent such breaches and mitigate potential damages.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Nemesis | 1 | Nemesis is a type of malware, specifically known as an infostealer, which infiltrates systems to exploit and cause damage. It often enters systems undetected through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. A deeper lo
Dev0270 | 1 | None
Lord Nemesis | 1 | Lord Nemesis, also known as Nemesis Kitten, is a malware that first emerged in late 2023. This malicious software was developed with the intent to exploit and damage computer systems and devices, often infiltrating systems without the user's knowledge through suspicious downloads, emails, or website
Mint Sandstorm | 1 | Mint Sandstorm, an Iranian nation-state threat actor also known as APT35 and Charming Kitten, has been identified by Microsoft as a significant cybersecurity concern. The group is linked to Iran's Islamic Revolutionary Guard Corps and is known for its sophisticated cyber campaigns targeting high-val
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Japan
Apt
Encryption
Log4j
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Carbon Spider | Unspecified | 1 | CARBON SPIDER, also known as FIN7 and Sangria Tempest, is a threat actor that has been active in the eCrime space since approximately 2013. This criminally motivated group primarily targets the hospitality and retail sectors with the aim of obtaining payment card data. The group has been linked to s
Silent Chollima | Unspecified | 1 | Silent Chollima, a North Korea-nexus threat actor, is known for its malicious cyber activities. The group, which is part of the 3rd Bureau of the Foreign Intelligence and Reconnaissance General Bureau, North Korea's foreign intelligence agency, has been associated with other groups such as Lazarus,
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Nemesis Kitten Malware was read from the documents corpus below.
Source | Created At | Title
DARKReading | 4 months ago | Israeli Universities Hit by Supply Chain Cyberattack Campaign
InfoSecurity-magazine | 6 months ago | New Leaks Expose Web of Iranian Intelligence and Cyber Companies
Malwarebytes | a year ago | APT attacks: Exploring Advanced Persistent Threats and their evasive techniques
CrowdStrike | a year ago | Adversary Insights from Japan Front Lines | CrowdStrike