The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.

Dark Reading Staff, Dark Reading

September 2, 2020

1 Min Read

Pioneer Kitten, an advanced persistent threat (APT) group with suspected ties to the Iranian government, has operated since 2017 with the goal of gaining and maintaining access to entities holding sensitive data "of likely intelligence interest" to Iran, CrowdStrike researchers report.

The researchers who have been watching the threat say its behavior suggests Pioneer Kitten is likely a contract group operating in support of the Iranian government, rather than one operated by Iran itself. 

Its attackers' techniques heavily rely on exploits of remote external services on Internet-facing assets, which they use to gain access into a target environment. Pioneer Kitten is interested in exploits related to VPNs and network appliances, in particular CVE-2019-11510, CVE-2019-19781, and CVE-2020-5902. During their operations, they primarily rely on open source tooling. 

The group employs an opportunistic model and most attacks have centered on North American and Israeli entities. It seems most interested in the technology, government, defense, and healthcare sectors. However, it has also been seen targeting aviation, media, academia, engineering, consulting and professional services, financial services, manufacturing, and retail.

Read more details here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights