Siamesekitten

Threat Actor updated 2 months ago (2024-09-24T10:00:56.351Z)
Siamesekitten, also known as OilRig, APT34, Lyceum, and Crambus, is a cyberespionage group believed to be based in Iran. Active since at least 2014, the group has been implicated in various hacking activities with malicious intent. Siamesekitten's operations have been linked to numerous other threat groups including UNC1860 and Scarred Manticore, demonstrating its significant role in the global cybersecurity landscape.

In recent years, Siamesekitten has escalated its activities by targeting Israeli companies in supply chain attack campaigns. These attacks were highlighted by researchers at cybersecurity firm ClearSky, who noted the group's increasing sophistication and tactical evolution. The continued focus on Israeli targets indicates an ongoing geopolitical motivation behind Siamesekitten's operations.

Moreover, Siamesekitten has expanded its arsenal of custom malware tools, deploying four new downloaders — SampleCheck5000 (SC5k v1-v3), ODAgent, OilCheck, and OilBooster — within the past year. This development was revealed by ESET researchers, underscoring the group's persistent efforts to enhance its capabilities. The continuous development and deployment of these tools signify the group's intention to remain a formidable threat actor in the realm of cyber espionage.
Description last updated: 2024-09-24T09:16:04.041Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
OilRig is a possible alias for Siamesekitten. OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Siamesekitten Threat Actor was read from the documents corpus below.