Wednesday, January 20, 07:15

Iranian hackers sell access to compromised corporate networks


Iranian hackers, specifically an Iranian state hacking team, have begun selling access to compromised corporate networks via underground hacking forums, according to the cybersecurity company Crowdstrike.

The Iranian hackers are code-named Pioneer Kitten, but are also known as Fox Kitten or Parisite.

According to Crowdstrike, these Iranian hackers serve the Iranian regime, and during 2019 and 2020 they targeted corporate networks by exploiting vulnerabilities in VPNs and networking equipment, such as:

  • Pulse Secure “Connect” corporate VPN (CVE-2019-11510)
  • Fortinet VPN servers running FortiOS (CVE-2018-13379)
  • Palo Alto Networks “Global Protect” VPN servers (CVE-2019-1579)
  • Citrix “ADC” servers and Citrix network gateways (CVE-2019-19781)
  • F5 Networks BIG-IP load balancers (CVE-2020-5902)

According to a report by the cybersecurity company Dragos, the Iranian hackers were breaching network devices using the above vulnerabilities, installing backdoors, and then providing that access to other Iranian hacking groups, such as APT33 (Shamoon), Oilrig (APT34) or Chafer.

The other groups build on the "initial access" that Pioneer Kitten has gained and spread further through the networks using more advanced malware and exploits. Their goal is to find and steal sensitive information that may be of interest to the Iranian government.


However, in a report today, Crowdstrike states that Pioneer Kitten has been participating in hacking forums since July 2020, and is trying to sell access to some of these breached networks.

Crowdstrike believes that the Iranian hackers are simply trying to increase revenue from networks that are likely to have no value for Iranian intelligence services (because they hold no useful information).

The classic targets of hacking groups funded by Iran usually include companies and governments in the USA, Israel and other Arab countries in the Middle East. In addition, the sectors of interest to the hackers usually include defense, health care, technology and government. Everything else is probably not of interest to the Iranian government, so it is sold in hacking forums.

Pioneer Kitten's biggest customers are usually ransomware gangs.
