Researchers Hack Iran-Linked Spy Group's Infrastructure

  • 9 November 2015

By Eduard Kovacs on November 09, 2015

A new report from security solutions provider Check Point provides further insight into the activities of the Iran-linked threat group known as Rocket Kitten.

Rocket Kitten has been around since at least early 2014 and its activities have been analyzed by several security firms, including FireEye (Operation Saffron Rose), iSIGHT Partners (Newscaster), ClearSky (Thamar Reservoir) and Trend Micro (Woolen GoldFish).

The fact that its campaigns have been closely monitored by security firms doesn’t seem to have discouraged the advanced persistent threat (APT) group, which simply made some changes to its tools and phishing domains and continued its activities.

Check Point started analyzing Rocket Kitten after the group targeted one of its customers. While investigating a phishing server used by the threat actor, experts noticed that the XAMPP web server hosted on it was not configured properly, allowing anyone to gain root access without needing a password.

2 replies

Userlevel 7
Hmmmm...the Iranians have been stealthily getting on with it and developing their cyber warfare capabilities as they foresee it as an area that the West is weak...and from what I have read they are correct.

It is good to see that the roles are reversed in this case and they are being 'scrutinised' intimately (polite way of saying 'hacked' ;))...but then again that is not surprising when one takes into account that Check Point, unless I am much mistaken, is an Israeli company?
Userlevel 7
Iran deserves all that they can get and then some. Don't trust the Iranians as far as I can spit.
