Bitdefender researchers have found attacks performed by Remix Kitten in the Middle East region. The campaigns are targeted at air transportation and government and have relied on social engineering, custom backdoors and ‘living off the land’ tools. Remix Kitten is an Iranian Advanced Persistent Threat that performs Cyber Espionage since at least 2014 to collect personal information that serves the country’s geopolitical interests.
The Remix Kitten had previously taken aim at T urkish government organizations and foreign
diplomatic entities based in Iran with the goal of exfiltrating sensitive data too. Fire Eye also
reported the APT’s interests in telecommunications and travel industries. The company affirmed, “Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals.”
This APT uses spear-phishing emails with malicious attachments to target various organizations. Bitdefender reported that the APT was able to create user accounts on the victims’ machine and perform malicious actions inside the network, including network scanning (CrackMapExec), credential harvesting (Mimikatz), and move laterally inside the networks using a wide arsenal of tools at their disposal during their Kuwait campaigns. The report also stated that most attacks happened on weekends and the ultimate goal was data exploration and exfiltration. The attack against a Saudi Arabian entity involved the use of social engineering to trick the victim into running a remote access trojan (RAT).
