Pioneer Kitten 🐈..!

Pioneer Kitten is trying to monetize its intrusions by selling access to some of the networks it has hacked to other hackers. Iran's state-sponsored hacking groups are selling access to compromised corporate networks on an underground hacking forum.

“PIONEER KITTEN tradecraft is characterized by a pronounced reliance on exploits of remote external services on internet-facing assets to achieve initial access to victims, as well as almost total reliance on open-source tooling during operations.”

The Iranian hacker group has been hacking VPN servers over the past few months, targeting Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs, to plant backdoors in companies around the world.

Pioneer Kitten

The hacking group is an Iran-based adversary, active since 2017. This adversary focuses on gaining and maintaining access to entities possessing sensitive information of likely intelligence interest to the Iranian government.

The codename Pioneer Kitten is an alternative designation for the group, also known as Fox Kitten or Parasite.

Pioneer Kitten exploits

The group is interested in exploits related to multiple vulnerabilities in VPNs and networking devices, including

PIONEER KITTEN’s namesake operational characteristic is its reliance on SSH tunnelling, through open-source tools such as Ngrok and the adversary’s custom tool SSHMinion, for communication with implants and hands-on-keyboard activity via Remote Desktop Protocol (RDP).
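The tradecraft described above (RDP sessions carried over SSH tunnels or an ngrok agent) leaves a recognisable footprint in endpoint process-creation telemetry. The following Python snippet is an added example, not code from the original post or from any vendor report it cites: it parses a few constructed process-creation log lines (the log format, hostnames and IP addresses are invented for the example) and flags an ngrok agent exposing the RDP port, or an `ssh` client started with a port-forwarding flag (`-R`, `-L`, `-D`) that references port 3389.

```python
"""Triage process-creation events for RDP tunnelled over SSH or ngrok.

Added example. The line format and all sample events below are constructed
for illustration; adapt LINE_RE to the telemetry you actually collect.
"""
import re
from typing import Dict, List, Optional

# Constructed sample events (not real telemetry). Two of them model the
# ngrok / SSH-forwarding pattern; the other two are benign lookalikes.
SAMPLE_EVENTS = [
    '2020-08-31T10:02:11Z host=WS01 user=svc_backup image=C:\\Users\\Public\\ngrok.exe cmdline="ngrok.exe tcp 3389"',
    '2020-08-31T10:05:40Z host=WS01 user=svc_backup image=C:\\Windows\\System32\\OpenSSH\\ssh.exe cmdline="ssh.exe -N -R 0.0.0.0:2222:127.0.0.1:3389 user@203.0.113.10"',
    '2020-08-31T10:07:02Z host=WS02 user=jdoe image=C:\\Windows\\System32\\OpenSSH\\ssh.exe cmdline="ssh.exe jdoe@gitserver.example.internal"',
    '2020-08-31T10:09:15Z host=WS03 user=jdoe image=C:\\Program Files\\Autodesk\\3ds Max 2021\\3dsmax.exe cmdline="3dsmax.exe"',
]

# key=value layout assumed for the constructed log lines above
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) '
    r'image=(?P<image>.+?) cmdline="(?P<cmdline>.*)"$'
)

RDP_PORT = "3389"
# OpenSSH flags that set up remote, local or dynamic port forwarding
SSH_FORWARD_FLAGS = ("-R", "-L", "-D")


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Return the event fields as a dict, or None for a line that does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(ev: Dict[str, str]) -> List[str]:
    """Return human-readable reasons an event looks like tunnelled RDP (empty if benign)."""
    reasons: List[str] = []
    exe = ev["image"].rsplit("\\", 1)[-1].lower()
    args = ev["cmdline"].split()
    lower = ev["cmdline"].lower()

    if "ngrok" in exe:
        reasons.append("ngrok tunnelling agent started")
        # 'ngrok tcp 3389' publishes the local RDP port through the ngrok relay
        if "tcp" in args and RDP_PORT in args:
            reasons.append("ngrok exposes RDP port 3389")

    if exe in ("ssh.exe", "ssh"):
        if any(flag in args for flag in SSH_FORWARD_FLAGS):
            if RDP_PORT in lower:
                reasons.append("SSH port-forward references RDP port 3389")
            else:
                reasons.append("SSH port-forward (review forwarded destination)")

    return reasons


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Run classify() over raw log lines and collect only the flagged events."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons:
            findings.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                             "image": ev["image"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["ts"], f["host"], f["user"], "->", "; ".join(f["reasons"]))
```

The heuristic is deliberately narrow: an `ssh` invocation without a forwarding flag, or a legitimate application binary, produces no finding, so the output is a short review queue rather than a flood of SSH noise. In production the same two checks map naturally onto process-creation events (Sysmon Event ID 1 or Windows Security Event 4688) and can be paired with network telemetry showing outbound connections from the flagged processes.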

Pioneer Kitten Targets

The group has focused its attacks against entities in North America and Israel, targeting sectors including government, technology, aviation, healthcare, media, defense, consulting and professional services, academia, engineering, chemicals, manufacturing, insurance, financial services and retail.

3Ds Max malware! APT group targets design industry

Researchers have documented an espionage campaign by a new hacker group that targets companies worldwide with malware hidden inside malicious 3Ds Max plugins.

3Ds Max is a 3D computer graphics application developed by Autodesk and is an app used by engineering, architecture, gaming, or software companies.

Autodesk has published an advisory this month warning users about a variant of “PhysXPluginMfx” MAXScript exploit that can corrupt 3ds Max’s settings, run malicious code, and propagate to other MAX files on a Windows system upon loading the infected files into the software.

The main aim of this plugin was to deploy a backdoor trojan that hackers could use to search infected computers for sensitive files and later steal important files.

Upon investigation, the researchers were able to confirm attacks against an international architectural and video production company, currently engaged in architectural projects with billion-dollar luxury real-estate developers across four continents.

It was revealed that hackers used a malware command and control (C&C) server that was located in South Korea.

Additional malware samples opened connections to the C&C server from countries such as South Korea, the United States, Japan, and South Africa, suggesting that the hacker group may also have other, unconfirmed victims in these countries.

These connections date back at least one month, but that does not mean the hacker group started operating only one month ago; the hackers could very easily have used another server for older operations.

The security firm believes that this hacker group is another example of a sophisticated hacker-for-hire mercenary group that provides services like industrial espionage.

It is highly recommended that 3ds Max users download the latest version of Security Tools for Autodesk 3ds Max 2021-2015SP1 to identify and remove the PhysXPluginMfx MAXScript malware.