According to a report by the Israeli cybersecurity company ClearSky, a group of Iranian hackers has been running a campaign to infiltrate IT companies and parts of the critical infrastructure of the United States and Israel.
The campaign, which ClearSky calls Fox Kitten, exploits vulnerabilities in VPN services to gain a backdoor into companies in the IT, telecommunications, oil and gas, aviation, government and security sectors.
This vulnerability-exploitation campaign can also serve as a platform to spread and activate destructive malware such as ZeroCleare and Dustman, which have been linked to the APT34 cyber-espionage group.
According to ClearSky, Iranian hackers have been carrying out these VPN intrusions since 2017, with the following objectives:
- Develop and maintain access routes into selected organizations.
- Steal valuable information from the target organizations.
- Maintain a lasting foothold in the selected organizations.
- Compromise additional companies through supply-chain attacks.
The report's broader conclusions about these attacks are even more worrying for the international community.
It finds that Iranian hacking groups have managed to penetrate dozens of companies around the world and steal information from them over the last three years.
“The most successful and significant attack vector used by the Iranian groups in the last three years has been the exploitation of known vulnerabilities in systems with unpatched VPN and RDP services, to infiltrate and take control of critical corporate information storage. This attack vector is not used exclusively by the Iranian APT groups; it has become the main attack vector for cybercrime groups, ransomware attacks and other state-sponsored offensive groups,” ClearSky says.
One of the most recently affected companies was Citrix. The attackers' main aim is to compromise such IT companies and, through them, reach the networks of additional companies.
The Israeli cybersecurity company adds that “the time needed to identify an attacker in a compromised network is long and varies from month to month. With the existing monitoring capacity of organizations, identifying and blocking an attacker who enters through remote communication tools is difficult or impossible.”