The customized malware and creative phishing techniques of cyber-espionage groups prove that there is a recurring industry problem. Cyber criminals can evade detection by making minimal changes to bypass most current protection solutions. Since early 2014, the attacker group dubbed ‘Rocket Kitten’ has been actively targeting organizations through malware infections and spear phishing campaigns. After an attack incident against a customer, Check Point researchers joined the investigations and released a report detailing the operations of the cyber-espionage campaign.
The Rocket Kitten group has been studied and analyzed on multiple occasions by different vendors, and these attacks have been linked to a global cyber-espionage campaign. They are known for extensively using various phishing schemes, along with custom-written malware, to execute their attacks. It has been reported that the group persistently e-mailed, called and responded with fake identities tailored for each victim – this clearly shows the creative mindset of the attackers as they read public reports about their targets and used it to adapt their tactics.
Phishing Logs and Successes Over Time
While the campaign has previously been made public by other researchers, the attacks did not stop. Instead, minimal changes were made to the groups’ tools and phishing domains so that the attackers could continue targeting victims without interruption. In fact, the group remains active with reported attacks as recent as October 2015.
The targets of many successful attacks were individuals and organizations in the Middle East (including targets inside Iran itself), as well as across Europe and in the United States. In their investigation, Check Point researchers were able to access the victim database after the attackers failed to protect their phishing server. The target list contained 1600 targets, which included a very large campaign against scholars, scientists, CEOs, ministry officials, education institutes, media and journalists, and notable human rights activists.
This report describes the inner workings of Rocket Kitten, including an analysis of the target verticals, a chart of the attack timeline, and the true identity of the malware authors behind the campaign.
Download the full report ‘Rocket Kitten: A Campaign with 9 Lives’ here.