Siamesekitten

Siamesekitten, also known as OilRig, APT34, Lyceum, or Crambus, is a threat actor group believed to be based in Iran. This cyberespionage entity has been active since at least 2014 and has targeted various organizations across the globe with malicious intent. The group is known for its sophisticated attacks and evolving methodologies, which often involve custom malware and advanced persistent threats (APTs). Given the nature of their activities, they pose a significant risk to both private and public sector entities, particularly those with sensitive data. In recent years, Siamesekitten has escalated its operations. Researchers at cybersecurity firm ClearSky reported that this Iranian APT group was specifically targeting Israeli companies in a supply chain attack campaign. These attacks typically aim to infiltrate an organization's network through a less secure element in the supply chain, allowing the threat actors to gain unauthorized access to critical systems and data. Such targeted campaigns demonstrate the group's strategic approach to cyberespionage and their ability to exploit vulnerabilities within interconnected business ecosystems. The threat actor group has continued to innovate, deploying four new downloaders—SampleCheck5000 (SC5k v1-v3), ODAgent, OilCheck, and OilBooster—in their attacks as revealed by ESET researchers on December 14th. These tools were added to Siamesekitten's already large arsenal of custom malware over the past year, indicating their commitment to refining their tactics and enhancing their capabilities. As such, organizations are advised to remain vigilant and implement robust cybersecurity measures to mitigate the risks posed by this persistent and evolving threat.