Group targets individuals, private businesses, academic institutes, and state departments in equal measure

Sep 4, 2015 11:22 GMT

Trend Micro and ClearSky security firms have put out a joint, detailed paper in which they document the actions of an APT (Advanced Persistent Threat) group they believe is linked to the Iranian government.

Their research paints the picture of an APT group that started hacking strategic targets in foreign governments, academic institutions, and above all, targets located in Israel.

From April 2014 to this last June, Trend Micro and ClearSky experts analyzed information collected by other cyber-security agencies (iSIGHT and FireEye) and their own data and reached the conclusion that the APT group they've dubbed Rocket Kitten has ties to the Iranian government in some form or another.

Their conclusion stems from a series of incidents from mid-2015, when Dr. Thamar E. Gindin and a ClearSky researcher became the targets of this group.

Dr. Gindin, an expert in Iranian linguistics and pre-Islamic Iran, lecturer, and research fellow at the Ezri Center for Iran and Persian Gulf Research at the University of Haifa, aided ClearSky researchers with their Thamar Reservoir security research paper, which studied the Rocket Kitten group's hacking activities in countries of the Middle East.

Rocket Kitten targets authors of an anti-Iran security research paper

Soon after the study was published, Dr. Gindin and one of the researchers working on the paper became targets of various phishing campaigns.

At one point, Dr. Gindin was even contacted by phone, in an attempt by the hackers to find out more details about him so that they could break into his cloud, social, and email accounts.

While their methods were crude and unsophisticated, the fact that they specifically targeted researchers who had published a paper tying the APT group's activity to Iran lends credibility to that attribution in the first place.

According to the research paper, "These facts suggest that Rocket Kitten may be engaging some sort of foreign political espionage campaign and may want to find regime-opponents active in driving policy in different ways. There are state actors in the region who are interested in gaining access to the information that can be found in people’s computers and emails."

The full "The Spy Kittens are Back: Rocket Kitten 2" PDF report is available online, but may take some time to load on slow connections.

[Image: Iran-connected hacking group exposed by Trend Micro and ClearSky]

[Image: Timeline of Rocket Kitten attacks]