May 28, 2023

Pioneer Kitten is trying to monetize its operations by selling access to some of the networks it has hacked to other hackers. Iran’s state-sponsored hacking groups are selling access to compromised corporate networks on an underground hacking forum.

“PIONEER KITTEN tradecraft is characterized by a pronounced reliance on exploits of remote external services on internet-facing assets to achieve initial access to victims, as well as almost total reliance on open-source tooling during operations.”

The Iranian hacker group has been hacking VPN servers over the past few months to plant backdoors in companies around the world, targeting Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs.

Pioneer Kitten

The hacking group is an Iran-based adversary, active since 2017. This adversary focuses on gaining and maintaining access to entities possessing sensitive information of likely intelligence interest to the Iranian government.

The codename Pioneer Kitten is an alternative designation for the group, also known as Fox Kitten or Parasite.

Pioneer Kitten exploits

The group is interested in exploits related to multiple vulnerabilities in VPNs and networking devices, including

PIONEER KITTEN’s namesake operational characteristic is its reliance on SSH tunnelling, through open-source tools such as Ngrok and the adversary’s custom tool SSHMinion, for communication with implants and hands-on-keyboard activity via Remote Desktop Protocol (RDP).
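How RDP carried over an SSH or Ngrok tunnel tends to surface in Windows logs, as an added detection example that is not from the original article: a tunnelled RDP session terminates on the host itself, so the logon's source address is loopback. The events are constructed samples using Windows Security 4624/4688 field names, 4688 command-line auditing is assumed to be enabled, and SSHMinion is not covered because the page gives no indicators for it.

```python
import ipaddress
import re

# Constructed sample events; field names follow Windows Security 4624 / 4688 records.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "srv01", "LogonType": 10, "IpAddress": "203.0.113.7", "TargetUserName": "alice"},
    {"EventID": 4624, "Computer": "srv01", "LogonType": 10, "IpAddress": "127.0.0.1", "TargetUserName": "svc_backup"},
    {"EventID": 4624, "Computer": "srv02", "LogonType": 10, "IpAddress": "::1", "TargetUserName": "admin"},
    {"EventID": 4624, "Computer": "srv02", "LogonType": 2, "IpAddress": "127.0.0.1", "TargetUserName": "bob"},
    {"EventID": 4688, "Computer": "srv01", "CommandLine": "C:\\Users\\Public\\ngrok.exe tcp 3389"},
    {"EventID": 4688, "Computer": "srv02", "CommandLine": "ssh.exe -N -R 13389:127.0.0.1:3389 user@host.example"},
    {"EventID": 4688, "Computer": "srv02", "CommandLine": "ssh.exe admin@10.0.0.5"},
]

# ssh/plink started with a -L or -R forward whose spec ends in the RDP port.
FORWARD_RE = re.compile(r"\b(?i:(?:ssh|plink)(?:\.exe)?)\b.*\s-[LR]\s*\S*:3389\b")
# ngrok asked to expose a TCP tunnel to the RDP port.
NGROK_RE = re.compile(r"\bngrok(?:\.exe)?\b.*\btcp\b.*\b3389\b", re.I)

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped loopback; False for '-' or empty fields."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip).is_loopback

def find_tunneled_rdp(events):
    """Return (computer, rule, detail) tuples for events consistent with tunnelled RDP."""
    hits = []
    for ev in events:
        # LogonType 10 = RemoteInteractive (RDP); a loopback source means the
        # connection reached the RDP service from a local tunnel endpoint.
        if ev.get("EventID") == 4624 and str(ev.get("LogonType")) == "10" \
                and is_loopback(ev.get("IpAddress", "")):
            hits.append((ev["Computer"], "rdp-logon-from-loopback", ev["TargetUserName"]))
        elif ev.get("EventID") == 4688:
            cmd = ev.get("CommandLine", "")
            if FORWARD_RE.search(cmd) or NGROK_RE.search(cmd):
                hits.append((ev["Computer"], "rdp-port-forward-process", cmd))
    return hits

if __name__ == "__main__":
    for hit in find_tunneled_rdp(SAMPLE_EVENTS):
        print(hit)
```

The loopback-logon rule does not depend on the tunnelling tool's name, so it still fires when the binary is renamed or custom.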

Pioneer Kitten Targets

The group has focused its attacks on entities in North America and Israel, targeting sectors including government, technology, aviation, healthcare, media, defense, consulting and professional services, academic, engineering, chemical, manufacturing, insurance, financial services and retail.

