Imperial Kitten APT Claws at Israeli Industry with Multiyear Spy Effort

Published: 23/11/2024   Category: security




The Iran-linked group uses compromised websites that redirect visitors to attacker-controlled pages to compromise victims and exfiltrate data, in a campaign that has spanned 2022 and 2023.



A group with links to Iran has been conducting watering-hole attacks against Israeli transportation, logistics, and technology sectors over the last two years, an investigation has uncovered.
According to research by CrowdStrike released today, the cyber-espionage attacks were conducted by a state-sponsored advanced persistent threat (APT) named Imperial Kitten (aka Yellow Liderc, Tortoiseshell, TA456, and Crimson Sandstorm), which has previously targeted organizations in the Israeli maritime, transportation, and technology sectors. The group has suspected links to Iran's Islamic Revolutionary Guard Corps.
The watering-hole attacks involve what CrowdStrike called strategic web compromise, where Imperial Kitten has infiltrated legitimate sites in order to redirect website visitors to attacker-controlled locations that phish personal information and credentials. The data is then sent to a hardcoded domain and used for follow-on attacks. The compromised websites were primarily Israeli.
Imperial Kitten targets specific victims, such as IT service providers, for data exfiltration via strategic Web compromise. However, in some instances the adversary directly serves malware to victims from the watering hole, and it has also mounted email campaigns using malicious Microsoft Excel documents in phishing attacks as another piece of the campaign.
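A strategic web compromise of the kind described above depends on code injected into a legitimate page that sends visitors somewhere else. The owner of a site can catch that class of change with a content-integrity check run against the pages actually served. The Python below is an added example written for this page, not CrowdStrike's tooling or anything taken from the article: it parses a page and flags script sources, iframes, form actions, meta refreshes and inline location assignments that point outside an allowlist of the site's own hosts. The allowlist, the hostnames and the sample page are all constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts this site legitimately references.
ALLOWED_HOSTS = {"www.example-site.test", "cdn.example-site.test"}

# Inline JavaScript redirect idioms: location / location.href assignment and
# location.replace(...). Only string-literal targets are checked.
REDIRECT_RE = re.compile(
    r"""(?:window\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""
    r"""|location\.replace\(\s*['"]([^'"]+)['"]""",
    re.IGNORECASE,
)


def _is_external(url):
    """True when the URL names a host that is not on the allowlist."""
    host = (urlparse(url).hostname or "").lower()
    return bool(host) and host not in ALLOWED_HOSTS


class InjectionScanner(HTMLParser):
    """Collect (kind, url) findings for references that leave the allowlist."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
            if a.get("src") and _is_external(a["src"]):
                self.findings.append(("external-script", a["src"]))
        elif tag == "iframe" and a.get("src") and _is_external(a["src"]):
            self.findings.append(("external-iframe", a["src"]))
        elif tag == "form" and a.get("action") and _is_external(a["action"]):
            # A form posting off-site is the classic credential-phishing tell.
            self.findings.append(("external-form-action", a["action"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*(\S+)", a.get("content", ""), re.I)
            if m and _is_external(m.group(1)):
                self.findings.append(("meta-refresh", m.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw data; scan them for redirects.
        if self._in_script:
            for m in REDIRECT_RE.finditer(data):
                url = m.group(1) or m.group(2)
                if _is_external(url):
                    self.findings.append(("inline-redirect", url))


def scan_html(html):
    """Return the list of (kind, url) findings for one page."""
    parser = InjectionScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a legitimate CDN script and search form, plus two
# injected redirects to a made-up collector host.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0;url=https://collector.example-attacker.test/login">
<script src="https://cdn.example-site.test/app.js"></script>
</head><body>
<form action="https://www.example-site.test/search"><input name="q"></form>
<script>
  if (document.referrer.indexOf("example-site") < 0) {
    window.location.href = "https://collector.example-attacker.test/login";
  }
</script>
</body></html>"""

if __name__ == "__main__":
    for kind, url in scan_html(SAMPLE_PAGE):
        print(f"{kind}: {url}")
```

Run periodically against the rendered HTML (after any CMS templating) and diff the findings against the previous run; a new entry is worth a look even when the destination host appears benign, since the redirect target in an SWC is usually a freshly registered or compromised domain rather than an obviously hostile one.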
In the latter instance, the group actively uses scanning tools, stolen VPN credentials, and vulnerability exploits to gain access to its targets, then uses the PAExec utility for lateral movement, and finally leverages custom and open source malware for data exfiltration.
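PAExec-based lateral movement leaves a recognisable trail on the target host, which makes the middle step of the intrusion chain above a good place for detection. PAExec copies a helper binary named PAExec-<pid>-<source host>.exe into the target's admin share and registers it as a service of the same name (PAExec's own documented behaviour); the source host name embedded in that name is the pivot a responder wants. The Python below is an added example for this page, not CrowdStrike's detection logic: it parses constructed key=value telemetry records (the format is invented for the example), raises an alert for PAExec service installs, service starts and child processes, and groups alerts by (user, source host) to show which targets one operator reached from one machine.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the article): one key=value record per
# line, roughly what an EDR or Sysmon forwarder would emit after normalisation.
LOG_LINES = [
    r'ts=2023-05-02T10:11:12Z host=FILESRV01 event=ServiceInstall service="PAExec-4120-ADMINWS7" image="C:\Windows\PAExec-4120-ADMINWS7.exe" user=CORP\svc_backup',
    r'ts=2023-05-02T10:11:13Z host=FILESRV01 event=ProcessCreate image="C:\Windows\PAExec-4120-ADMINWS7.exe" parent="C:\Windows\System32\services.exe" user=CORP\svc_backup',
    r'ts=2023-05-02T10:11:14Z host=FILESRV01 event=ProcessCreate image="C:\Windows\System32\cmd.exe" parent="C:\Windows\PAExec-4120-ADMINWS7.exe" user=CORP\svc_backup',
    r'ts=2023-05-02T10:15:00Z host=DBSRV02 event=ServiceInstall service="PAExec-4310-ADMINWS7" image="C:\Windows\PAExec-4310-ADMINWS7.exe" user=CORP\svc_backup',
    r'ts=2023-05-02T10:20:00Z host=WEB01 event=ProcessCreate image="C:\Program Files\Vendor\agent.exe" parent="C:\Windows\System32\services.exe" user="NT AUTHORITY\SYSTEM"',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# PAExec names both the dropped binary and the service PAExec-<pid>-<source host>;
# the trailing .exe is optional so the same pattern covers service names.
PAEXEC_RE = re.compile(r'PAExec-(\d+)-([^\\/"]+?)(?:\.exe)?$', re.I)


def parse_line(line):
    """Parse one key=value record into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def basename(path):
    """Last component of a Windows path ('' for a missing value)."""
    return (path or "").rsplit("\\", 1)[-1]


def paexec_source(name):
    """Return the source host encoded in a PAExec service/binary name, or None."""
    m = PAEXEC_RE.search(name or "")
    return m.group(2) if m else None


def detect_paexec(lines):
    """Return one alert dict per record that shows PAExec activity."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        event = rec.get("event")
        image, parent = basename(rec.get("image")), basename(rec.get("parent"))
        reason, source = None, None
        if event == "ServiceInstall" and paexec_source(rec.get("service")):
            reason, source = "paexec-service-install", paexec_source(rec.get("service"))
        elif event == "ProcessCreate" and paexec_source(image) and parent.lower() == "services.exe":
            reason, source = "paexec-service-start", paexec_source(image)
        elif event == "ProcessCreate" and paexec_source(parent):
            # Whatever PAExec launched on the target: the command the operator ran.
            reason, source = "paexec-child-process", paexec_source(parent)
        if reason:
            alerts.append({"ts": rec.get("ts"), "host": rec.get("host"),
                           "user": rec.get("user"), "source": source,
                           "reason": reason, "image": image})
    return alerts


def lateral_movement(alerts):
    """Group alerts by (user, source host) -> sorted list of target hosts reached."""
    targets = defaultdict(set)
    for a in alerts:
        targets[(a["user"], a["source"])].add(a["host"])
    return {k: sorted(v) for k, v in targets.items()}


if __name__ == "__main__":
    found = detect_paexec(LOG_LINES)
    for a in found:
        print(f'{a["ts"]} {a["host"]} {a["reason"]} user={a["user"]} from={a["source"]} image={a["image"]}')
    for (user, src), hosts in lateral_movement(found).items():
        print(f"{user} drove PAExec from {src} to {len(hosts)} host(s): {', '.join(hosts)}")
```

The grouping step is what turns single-host noise into an incident picture: a service account appearing as the PAExec user on two servers within minutes, all from the same source workstation, is the signal to pull that workstation and the account's recent VPN logins, since stolen VPN credentials are the stated entry point in this campaign.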
