ETDA ThaiCERT
Report
Search
Home > List all groups > Clever Kitten

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Clever Kitten

NamesClever Kitten (CrowdStrike)
Group 41 (Talos)
CountryIran Iran
MotivationInformation theft and espionage
First seen2013
Description(CrowdStrike) Clever Kitten primarily targets global companies with strategic importance to countries that are contrary to Iranian interests.

Clever Kitten actors have a strong affinity for PHP server-side attacks to make access; this is relatively unique amongst targeted attackers who often favor targeting a specific individual at a specific organization using social engineering. Some attackers have moved to leveraging strategic web compromises. The reason for this is likely the availability of exploits against web browsers, which for a variety of reasons allows an attacker to bypass security features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR).
ObservedSectors: Global companies with strategic importance to countries that are contrary to Iranian interests..
Tools usedAcunetix Web Vulnerability Scanner, RC SHELL.
Information<https://www.crowdstrike.com/blog/whois-clever-kitten/>

Last change to this card: 14 April 2020

Download this actor card in PDF or JSON format

Previous: Subgroup: [Unnamed group USA]
Next: Cobalt Group

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key