In recent days a rather fearsome intrusion set, tracked by CrowdStrike under the name Imperial Kitten, has been identified and analysed.
According to CrowdStrike's analysts, the threat actor has close ties with Iran and, more specifically, with the Islamic Revolutionary Guard Corps (IRGC).
The group has apparently been active for several years and in the past has targeted sectors such as energy and shipping, recently shifting its focus to technology companies. So far the campaigns have mainly targeted Middle Eastern entities, especially Israeli ones, although a future spread to the West is not ruled out.
Regarding how Imperial Kitten gains access, the analysts cite extensive use of social engineering, above all lures built around job offers, combined with classic phishing. They note that Excel documents carrying malicious macros may also be used as the delivery vehicle.
Imperial Kitten malware uses advanced social engineering techniques to spread
Intrusion chains rely on a variety of techniques and procedures, including the use of both public and non-public scanning tools and the exfiltration of data through custom malware and open-source software such as MeshAgent.
CrowdStrike monitored the actors' activity from 2022 into 2023 and observed strategic web compromise (SWC) operations, i.e. watering-hole attacks in which the attacker compromises a website that the intended victims already visit out of a shared interest, so that the visitors infect themselves when they land on the compromised site.
The infrastructure built by the actors currently involves around a dozen domains, mostly Israeli, used to deliver the actual malware.
The actors behind the Imperial Kitten campaigns appear to use several custom tools, including a remote access tool (RAT) that relies on Discord for command and control, as well as other tools (such as IMAPLoader and StandardKeyboard) that use email as the command-and-control channel for the targeted device.
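Email (IMAP) and Discord are both channels that blend into normal corporate traffic, which is exactly why they are attractive for command and control. The following is an added hunting example, written for this article and not code from CrowdStrike or the Imperial Kitten toolset: it runs two generic checks over constructed endpoint network logs, flagging processes that open IMAP or Discord connections without being a mail client, browser or Discord client, and flagging connection series whose timing is too regular to be a human. The log format, host names, process names and allow-lists are assumptions for illustration; the polling interval in the sample data is constructed and says nothing about the real tools' behaviour.

```python
"""Hunt for email- and Discord-based C2 in endpoint network logs.

Added example, not from the article or from CrowdStrike. The log
format, process names and allow-lists below are constructed for
illustration and must be adapted to a real environment.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Processes that may legitimately speak IMAP or reach Discord on a
# corporate image (assumption; tune to your own software inventory).
ALLOWED_IMAP_PROCS = {"outlook.exe", "thunderbird.exe"}
ALLOWED_DISCORD_PROCS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
IMAP_PORTS = {143, 993}
DISCORD_DOMAINS = ("discord.com", "discordapp.com", "discord.gg")

# Constructed log lines: "<ISO time> <host> <process> <dst host> <dst port>".
# ws-17 shows a non-mail process polling an external IMAP server every ~5 min;
# ws-22 shows a non-browser process reaching discord.com.
SAMPLE_LOG = """\
2023-10-02T09:00:00 ws-17 outlook.exe imap.corp.example 993
2023-10-02T09:00:05 ws-17 svchost.exe imap.mail.example 993
2023-10-02T09:05:05 ws-17 svchost.exe imap.mail.example 993
2023-10-02T09:10:06 ws-17 svchost.exe imap.mail.example 993
2023-10-02T09:15:05 ws-17 svchost.exe imap.mail.example 993
2023-10-02T09:20:04 ws-17 svchost.exe imap.mail.example 993
2023-10-02T09:01:00 ws-22 chrome.exe discord.com 443
2023-10-02T09:02:00 ws-22 updater.exe discord.com 443
2023-10-02T11:00:00 ws-22 chrome.exe discord.gg 443
"""


def parse(line):
    """Split one log line into a record dict."""
    ts, host, proc, dst, port = line.split()
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "proc": proc.lower(), "dst": dst.lower(), "port": int(port)}


def is_discord(dst):
    """Exact or subdomain match against the Discord domain list."""
    return any(dst == d or dst.endswith("." + d) for d in DISCORD_DOMAINS)


def unexpected_channel(rec):
    """Return a reason string if this process has no business on this channel."""
    if rec["port"] in IMAP_PORTS and rec["proc"] not in ALLOWED_IMAP_PROCS:
        return "imap-from-unexpected-process"
    if is_discord(rec["dst"]) and rec["proc"] not in ALLOWED_DISCORD_PROCS:
        return "discord-from-unexpected-process"
    return None


def beacon_series(records, min_hits=5, max_cv=0.1):
    """Flag (host, proc, dst) tuples that connect at near-constant intervals.

    A coefficient of variation of the inter-connection gaps at or below
    max_cv is treated as machine-like polling. Returns the mean gap in
    seconds for each flagged tuple.
    """
    series = defaultdict(list)
    for r in records:
        series[(r["host"], r["proc"], r["dst"])].append(r["ts"])
    hits = {}
    for key, times in series.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits[key] = round(avg)
    return hits


def hunt(log_text):
    """Run both checks; return (sorted unique channel alerts, beacon hits)."""
    records = [parse(l) for l in log_text.splitlines() if l.strip()]
    alerts = set()
    for r in records:
        reason = unexpected_channel(r)
        if reason:
            alerts.add((r["host"], r["proc"], r["dst"], reason))
    return sorted(alerts), beacon_series(records)


if __name__ == "__main__":
    channel_alerts, beacons = hunt(SAMPLE_LOG)
    for alert in channel_alerts:
        print("ALERT", *alert)
    for key, interval in beacons.items():
        print("BEACON", *key, f"every ~{interval}s")
```

The first check is the cheap one and catches the obvious case (a system or updater process that should never hold an IMAP session or talk to Discord). The second is what remains useful when an attacker hides behind a legitimately named process: human mail clients and browsers do not poll at a fixed cadence, so a low-jitter series to the same destination is worth a look even when the process name is allow-listed. Both rules produce candidates for triage, not verdicts.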