Check Point Software recently published a 38-page report identifying specific details and broad analysis on cyber-espionage activity conducted by the group ‘Rocket Kitten,’ with possible ties to Iranian Revolutionary Guard Corps. The new report also reveals details of the group’s global operations and unique insight into more than 1,600 of their targets.
Led by researchers in Check Point’s Threat Intelligence and Research Area, the never-before-published data paints a picture of strategic malware attacks supported by persistent spear phishing campaigns. The details show Rocket Kitten actively targeted individuals and organisations in the Middle East, as well as across Europe and in the United States, documenting specifics such as:
· Business and government sectors across Saudi Arabia, including news agencies and journalists; academic institutions and scholars; human rights activists; military generals; and members of the Saudi royal family.
· Embassies, diplomats, military attachés and ‘persons of interest’ across Afghanistan, Turkey, Qatar, United Arab Emirates, Iraq, Kuwait and Yemen, as well as NATO commands in the region.
· Dozens of Iran researchers, as well as European Union Iran research groups, specifically in the fields of foreign policy, national security and nuclear energy.
· Venezuelan trade and finance targets.
· Former Iranian citizens of various influential positions.
· Islamic and anti-Islamic preachers and groups; famous columnists and cartoonists; TV show hosts; political parties; and government officials.
Researchers were also able to trace and unmask the true identity of an aliased attacker, identified as “Wool3n.H4T,” as one of the prominent figures behind this campaign. Further, based on the nature of the attacks and associated repercussions, the report suggests Rocket Kitten’s motives were aligned with nation-state intelligence interests, aimed at extracting sensitive information from their targets.
“This research provides a rare look at the nature and global targets of a global cyber espionage group,” said Shahar Tal, Research Group Manager, Check Point. “While Check Point customers are protected against all known variants of these threats by Rocket Kitten, it is our hope fellow security vendors and malware research professionals take the proper precautions and deploy relevant protections.”