Fox Kitten
Fox Kitten is the name of a cybercrime campaign that cybersecurity experts have been observing closely for the past three years. This is not an ordinary hacking campaign, and its targets are certainly not regular users. The attacks are carried out by high-profile cybercrime groups, and their targets include high-profile companies and individuals in various sectors (aviation, politics, IT, telecoms, government, oil and others). Some of the hackers suspected of involvement in the Fox Kitten campaign are also linked to the infamous Advanced Persistent Threat (APT) groups APT33, APT34 and APT39. APT33 is best known for its involvement in the development and use of the Shamoon wiper, while APT34 made the news under the name 'OilRig.' All three of these cybercrime groups are believed to originate from Iran, but their attacks have a global reach.
Fox Kitten Hackers Go after Companies in Several Industries
The primary purpose of the Fox Kitten campaign is to provide the remote attackers with long-term access to the compromised network, thereby enabling them to engage in espionage and to collect potentially valuable or confidential data. The Fox Kitten hackers have also used their illicit access to compromised networks to launch supply-chain attacks that could help them penetrate the defenses of other companies.
One of the most troubling things about the Fox Kitten campaign is that its perpetrators include hackers who have previously used disk-wiping malware. If such a threat is employed in this campaign, the damage it causes may impair the activity of major names in various industries. The Fox Kitten hackers focus on using private hacking tools, but they also make use of popular, legitimate administration tools such as Ngrok, FRP, Plink and Putty. In terms of hacking tools, the Fox Kitten members rely on Trojan backdoors, port scanning/mapping tools and custom VBScript launchers.
The primary infection vectors that the Fox Kitten hackers use to penetrate the defenses of their targets are vulnerable VPN and Remote Desktop Protocol (RDP) services and software. The Fox Kitten campaign is still active, and it is only a matter of time before we hear more about it in 2020.
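A defender's starting point for the legitimate tools listed above, as an added example that is not part of the original article: a Python triage over process-creation events that flags Ngrok, FRP, Plink and Putty and raises the severity when the parent process is a VBScript host. The event schema, host names, executable file names and the baseline of expected use are assumptions, and the sample events are constructed.

```python
import json
from pathlib import PureWindowsPath

# Tools named on this page, keyed by their usual file names (assumption: a renamed
# binary will not match; pair this with hash or signature checks).
TOOLS = {"ngrok.exe": "Ngrok", "frpc.exe": "FRP", "frps.exe": "FRP",
         "plink.exe": "Plink", "putty.exe": "Putty"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows hosts that run VBScript
# Hypothetical baseline: (host, tool) pairs where interactive admin use is expected.
EXPECTED = {("ADMIN-WS01", "Putty")}

# Constructed sample events in a simplified JSON-lines schema (not real telemetry).
SAMPLE_EVENTS = r"""
{"host": "SRV-DB02", "image": "C:\\Users\\Public\\plink.exe", "parent_image": "C:\\Windows\\System32\\wscript.exe"}
{"host": "ADMIN-WS01", "image": "C:\\Program Files\\PuTTY\\putty.exe", "parent_image": "C:\\Windows\\explorer.exe"}
{"host": "SRV-WEB01", "image": "C:\\ProgramData\\frpc.exe", "parent_image": "C:\\Windows\\System32\\cmd.exe"}
{"host": "SRV-WEB01", "image": "C:\\Windows\\System32\\svchost.exe", "parent_image": "C:\\Windows\\System32\\services.exe"}
{"host": "SRV-WEB01", "image":
"""


def _name(path):
    """Lower-cased file name of a Windows path ('' if the field is missing)."""
    return PureWindowsPath(path or "").name.lower()


def triage(lines):
    """Return one finding per process-creation event that starts a listed tool."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated record
        if not isinstance(event, dict):
            continue
        tool = TOOLS.get(_name(event.get("image")))
        if tool is None:
            continue
        host = event.get("host", "unknown")
        from_script = _name(event.get("parent_image")) in SCRIPT_HOSTS
        if not from_script and (host, tool) in EXPECTED:
            continue  # matches the baseline of expected admin use
        findings.append({"host": host, "tool": tool,
                         "severity": "high" if from_script else "review"})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

Because these are legitimate tools, the baseline decides how noisy the output is; a script-host parent is reported even on a baselined host.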