Iranian hackers are selling access to compromised companies on an underground forum
Today, cybersecurity firm CrowdStrike released a report detailing the operations of Iranian state-sponsored hacking groups, particularly their sale of compromised network access on an underground hacking forum. CrowdStrike tracks the group under the codename Pioneer Kitten, an alternative designation for the group more commonly known as Fox Kitten or Parisite. CrowdStrike suspects that the group is a contractor for the Iranian government, as it has spent the past two years hacking into corporate networks by exploiting vulnerabilities in VPNs and other equipment.
According to CrowdStrike’s report, Pioneer Kitten has been gaining access to corporate networks by exploiting vulnerabilities, planting backdoors, and then providing access to other Iranian-linked threat actors. The other groups that Pioneer Kitten has allowed to access compromised networks are APT33, OilRig (APT34), and Chafer. These links were found and documented in a report released by security firm Dragos.