PNGCERT
Papua New Guinea Computer Emergency Response Team
February 12 2021

Domestic Kitten is Actively Surveilling Enemies of the Iranian State

News

Domestic Kitten (aka APT-C-50), an Iran-based threat group, has been conducting widespread surveillance campaigns targeting over 1,200 individuals. At present, four active campaigns have been discovered by experts that target individuals located in Iran, the U.S., Pakistan, and Afghanistan. These campaigns have been active since 2016.

What has been discovered?

This operation had 10 unique campaigns that targeted over 1,200 individuals with more than 600 successful infections. In addition, it included four active campaigns, and the most recent began in November 2020.
  • Initially, targeted victims are lured to install a malicious application by various vectors, such as an Iranian blog site, Telegram channels, and an SMS that contains a link to the malicious application.
  • So far, the country-wise count of targeted victims is Iran (251), the U.S. (25), Great Britain (3), Pakistan (19), Afghanistan (8), Turkey (1), and Uzbekistan (2).
  • In the recent ‘hass’ campaign, the attackers mimicked a Tehran-based application, Mohsen Restaurant. In another campaign, ‘mmh’, they mimicked ISIS supporters and an infected version of the Exotic Flowers application from Google Play.
At the beginning of these surveillance campaigns, the attackers were observed to be using the FurBall malware. This is spyware that pretends to be a security application or screen wallpapers.

The backstory

Despite being discovered in 2018, this campaign continued its extensive surveillance operations. The attacks are focused on the mobile phones of targeted individuals.
  • According to intelligence experts, such extensive surveillance operations are carried out by Iranian government entities, such as the Islamic Revolutionary Guard Corps (IRGC) and Ministry of Intelligence.
  • The outcome of these surveillance programs is often used against individuals and groups that could pose a threat to the stability of the Iranian regime.

Conclusion

The recent campaigns show how Iran-based hackers have refined their technical proficiency and abilities. Thus, experts suggest using up-to-date antivirus applications on smartphones, downloading applications only from genuine sources, and avoiding opening links that arrive via SMS or are shared on social media applications.