Siamesekitten

Threat Actor updated a month ago (2024-11-29T14:04:26.692Z)
Download STIX
Preview STIX
Siamesekitten, also known as OilRig, APT34, Lyceum, Crambus, is a cyberespionage group believed to be based in Iran. Active since at least 2014, the group has been implicated in various hacking activities with malicious intent. Siamesekitten's operations have been linked to numerous other threat groups including UNC1860 and Scarred Manticore, demonstrating its significant role in the global cybersecurity landscape. In recent years, Siamesekitten has escalated its activities by targeting Israeli companies in supply chain attack campaigns. These attacks were highlighted by researchers at cybersecurity firm ClearSky, who noted the group's increasing sophistication and tactical evolution. The continued focus on Israeli targets indicates an ongoing geopolitical motivation behind Siamesekitten's operations. Moreover, Siamesekitten has expanded its arsenal of custom malware tools, deploying four new downloaders — SampleCheck5000 (SC5k v1-v3), ODAgent, OilCheck, and OilBooster — within the past year. This development was revealed by ESET researchers, underscoring the group's persistent efforts to enhance its capabilities. The continuous development and deployment of these tools signify the group's intention to remain a formidable threat actor in the realm of cyber espionage.
Description last updated: 2024-09-24T09:16:04.041Z
What's your take? (Question 1 of 0)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
OilRig is a possible alias for Siamesekitten. OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Siamesekitten Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more