Security researchers have reported that unpatched bugs in VPN and RDP services allowed Iran to conduct a cyber-espionage campaign that infiltrated global organizations. Although the campaign had already been attributed to APT33, a state-sponsored hacking group, security firm ClearSky has published further details.
The new report claims that the three-year-long campaign, named Fox Kitten, was likely the product of the state-sponsored groups APT33, APT34, and APT39. Companies across the IT, telecoms, oil, gas, aviation and defense industries were targeted by the campaign, and many of their networks were compromised by backdoors planted by the hacking groups. These backdoors create a long-lasting foothold within these companies. The initial hacks were achieved by exploiting one-day vulnerabilities in VPN services.