Parisite

Parisite, also known as Fox Kitten, Pioneer Kitten, or UNC757, is a threat actor believed to be associated with the Iranian government. This group has been operational since at least 2017, exhibiting activities targeting a broad geographic range including entities in the US, the Middle East, Europe, and Australia. Parisite's primary focus appears to be industrial organizations with Industrial Control System (ICS) implementations and related entities, although its activities also extend to government and non-governmental organizations. The group targets various industrial verticals such as aerospace, oil and gas, and utilities including water, electric, and gas. In August 2020, the FBI reported that Parisite was actively attacking the US private and government sector. The cybersecurity firm Dragos identified Parisite activity specifically targeting ICS-related entities using known Virtual Private Network (VPN) vulnerabilities. Parisite's current operations suggest an interest in gaining initial access to enterprise networks, including industrial networks, by exploiting vulnerable VPN appliances. The group uses known open-source penetration testing tools for reconnaissance and to establish encrypted communications. Despite its extensive targeting and infiltration activities, Parisite does not currently appear to possess an ICS-specific disruptive or destructive capability. Instead, it demonstrates only initial access, enabling further operations for another threat actor, MAGNALLIUM. Although this lack of destructive capabilities may seem less threatening, the potential for information theft, espionage, and preparation for future attacks should not be underestimated. Consequently, it is crucial for organizations to remain vigilant and implement robust security measures to protect against such threat actors.