Static Kitten

Threat Actor updated 23 days ago (2024-11-29T14:45:11.305Z)
Static Kitten, also known as MuddyWater, Mercury, Mango Sandstorm, and TA450, is an Iranian government-sponsored hacking group suspected of being linked to the Iranian Ministry of Intelligence and Security. The group has been active since 2017 and is notorious for its cyber-espionage activities. Static Kitten uses tactics such as spear-phishing campaigns to infiltrate systems and steal sensitive information.

In recent events, Static Kitten has targeted Israeli entities with a new spear-phishing campaign, distributing N-able's Advanced Monitoring Agent remote administration tool. In March 2024, Static Kitten launched a phishing campaign in which it distributed two URLs via phishing emails, directing recipients to Onehub, a legitimate file storage service that Static Kitten is known to use for malicious purposes. These URLs led to ZIP files themed to be relevant to government agency employees. Anomali Threat Research confirmed that Static Kitten continues to use Onehub to host a file containing ScreenConnect, which is likely used to steal sensitive information or to download malware for additional cyber operations.

The delivery URLs found in this campaign were "ws.onehub[.]com/files/7w1372el" and "ws.onehub[.]com/files/94otjyvd". The phishing emails contained files with names translated as "Analysis and study of the normalization of relations between the Arab countries and Israel", "Scholarships", and "Project". The objective was to direct users to a downloader URL via a phishing email, with the download impersonating an EXE file. Static Kitten's activities represent both a continuation and an evolution of tactics used by similar groups such as APT34, also known as Cobalt Gypsy, OilRig, and Helix Kitten.
Description last updated: 2024-07-17T01:15:36.241Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions differ between vendors, so the following are possible overlapping names / profiles that may also be relevant.
Alias | Description | Votes

MuddyWater | MuddyWater is a possible alias for Static Kitten. MuddyWater is an Advanced Persistent Threat (APT) actor that first surfaced in 2017, primarily targeting countries in the Middle East, Europe, and the USA. The group uses a range of techniques for its cyber-espionage activities, including PowerShell for execution, HTTP for C2 communications, and mal | 4

TA450 | TA450 is a possible alias for Static Kitten. TA450, an Advanced Persistent Threat (APT) group, is a threat actor linked to Iran that has been identified as being behind a series of cyber-attacks. APTs are typically associated with nation-states or state-sponsored groups and are known for their persistence and ability to remain undetected over | 2
Miscellaneous Associations
Other elements of context that could aid in assessing relevance:
Phishing
APT