Parisite

Threat Actor Profile Updated 3 months ago
Download STIX
Preview STIX
Parisite, also known as Fox Kitten, Pioneer Kitten, or UNC757, is a threat actor believed to be associated with the Iranian government. This group has been operational since at least 2017, exhibiting activities targeting a broad geographic range including entities in the US, the Middle East, Europe, and Australia. Parisite's primary focus appears to be industrial organizations with Industrial Control System (ICS) implementations and related entities, although its activities also extend to government and non-governmental organizations. The group targets various industrial verticals such as aerospace, oil and gas, and utilities including water, electric, and gas. In August 2020, the FBI reported that Parisite was actively attacking the US private and government sector. The cybersecurity firm Dragos identified Parisite activity specifically targeting ICS-related entities using known Virtual Private Network (VPN) vulnerabilities. Parisite's current operations suggest an interest in gaining initial access to enterprise networks, including industrial networks, by exploiting vulnerable VPN appliances. The group uses known open-source penetration testing tools for reconnaissance and to establish encrypted communications. Despite its extensive targeting and infiltration activities, Parisite does not currently appear to possess an ICS-specific disruptive or destructive capability. Instead, it demonstrates only initial access, enabling further operations for another threat actor, MAGNALLIUM. Although this lack of destructive capabilities may seem less threatening, the potential for information theft, espionage, and preparation for future attacks should not be underestimated. Consequently, it is crucial for organizations to remain vigilant and implement robust security measures to protect against such threat actors.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Pioneer Kitten
1
Pioneer Kitten, also known as UNC757, is a threat actor tracked by CrowdStrike Intelligence and is believed to be linked with the Iranian government. The group primarily targets North American and Israeli entities that are likely of intelligence interest to Iran. Pioneer Kitten's operational model i
UNC757
1
UNC757, also known as Pioneer Kitten or Parisite, is a threat actor recognized for its malicious activities in the cybersecurity landscape. This group's indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) have been analyzed, leading to the identification of a correlation b
Fox Kitten
1
Fox Kitten, an Iranian-backed threat actor group, has been identified as a significant cybersecurity risk by security researchers. The group's primary method of initial access is through VPN devices from Citrix, Fortinet, Palo Alto Networks, and Pulse Secure. Their sophisticated techniques have been
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Dragos
Industrial
Vpn
Government
Reconnaissance
Ics
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
MagnalliumUnspecified
1
Magnallium, also known as Elfin, is a significant threat actor that has been active in the cybersecurity landscape. This entity, which could be an individual, a private company, or part of a government organization, has been identified as executing actions with malicious intent. A noticeable surge i
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Parisite Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CSO Online
a year ago
Federal cyber incidents reveal challenges of implementing US National Cybersecurity Strategy
MITRE
a year ago
PARISITE Threat Group | Dragos
CERT-EU
a year ago
The Tragic Fallout From a School District’s Ransomware Breach | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting