CopyKittens, Slayer Kitten
Description
CopyKittens is an Iranian cyberespionage group that has been operating since at least 2013. It has targeted countries including Israel, Saudi Arabia, Turkey, the U.S., Jordan, and Germany. The group is responsible for the campaign known as Operation Wilted Tulip.
Names
Name | Name-Giver |
---|---|
CopyKittens | Trend Micro |
Slayer Kitten | CrowdStrike |
Country
Motivation
- Information theft and espionage
First Seen
2013
Observed Sectors
Observed Countries
Tools
Operations
- 2013: Operation “Wilted Tulip”. In this report, Trend Micro and ClearSky expose a vast espionage apparatus spanning the entire time the group has been active. It includes recent incidents as well as older ones that have not been publicly reported; new malware; exploitation, delivery and command and control infrastructure; and the group’s modus operandi. We dubbed this activity Operation Wilted Tulip. https://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf
- 2015: CopyKittens has conducted at least three waves of cyber-attacks in the past year. In each of the attacks the infection method was almost identical and included an extraordinary number of stages used to avoid detection. As with other common threat actors, the group relies on social engineering methods to deceive its targets prior to infection. https://s3-eu-west-1.amazonaws.com/minervaresearchpublic/CopyKittens/CopyKittens.pdf
- 2017-01: Breach of the Israeli newspaper Jerusalem Post. As part of our monitoring of Iranian threat agents' activities, we have detected that since October 2016 and until the end of January 2017, the Jerusalem Post, as well as multiple other Israeli websites and one website in the Palestinian Authority, were compromised by Iranian threat agent CopyKittens. https://www.clearskysec.com/copykitten-jpost/
Mitre Attack
Other Information
Uuid
a674fc23-26e8-4f6e-ba55-1a6ef4029878
Last Card Change
2020-04-22