The article provides a comprehensive profile of the Iranian threat actor group named Fox Kitten, known for its dual role of collecting intelligence for the Iranian regime and facilitating ransomware attacks for profit. Active since 2017, this state-sponsored group targets a wide range of sectors globally, particularly focusing on vulnerabilities in internet-facing devices. Key techniques used by Fox Kitten include exploitation of known vulnerabilities, credential theft, and sophisticated persistence methods.
The article outlines past campaigns, mitigation strategies, and how SOCRadar can assist organizations in defending against these threats. It also includes a detailed mapping of Fox Kitten's tactics, techniques, and procedures (TTPs) based on the MITRE ATT&CK framework.