Hackers Collecting Intelligence on Potential Opponents to Iranian Regime
An Iranian hacking group called Rampant Kitten has recently been observed targeting opposition and anti-regime organizations in a lengthy campaign that may have begun six years ago. Rampant Kitten has allegedly been targeting supporters of Mujahedin-e Khalq and the Azerbaijan National Resistance Organization, two movements that are currently advocating for the liberation of minorities within Iran. Cybersecurity researchers found that Rampant Kitten had registered associated malicious websites, which the group is using to collect intelligence on members of these organizations and their activities.
According to Check Point researchers, the attack vectors used in the campaign include four different variants of info stealers that target Windows devices, an Android backdoor that captures 2FA codes from SMS messages, and Telegram phishing pages. The campaign was originally uncovered when researchers found the cybercrime group targeting the Mujahedin-e Khalq in Albania. The organization had relocated to the neighboring country following an increase in political tensions within Iran.