DEV-0270, Nemesis Kitten

Description

A subgroup of Magic Hound, APT 35, Cobalt Illusion, Charming Kitten.

(Microsoft) Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations, including widespread vulnerability scanning, on behalf of the government of Iran. However, judging from their geographic and sectoral targeting, which often lacked a strategic value for the regime, we assess with low confidence that some of DEV-0270’s ransomware attacks are a form of moonlighting for personal or company-specific revenue generation.

Names

Name	Name-Giver
DEV-0270	Microsoft
Nemesis Kitten	CrowdStrike
DireFate	BAE Systems
Yellow Dev 23	PWC
Yellow Dev 24	PWC
Lord Nemesis	OP Innovate

Country

Iran

Motivation

Financial gain

First Seen

2022

Tools

Operations

2023-11: Lord Nemesis Strikes: Supply Chain Attack on the Israeli Academic Sector https://op-c.net/blog/lord-nemesis-strikes-supply-chain-attack-on-the-israeli-academic-sector/

Information

https://www.microsoft.com/security/blog/2022/09/07/profiling-dev-0270-phosphorus-ransomware-operations/

Other Information

Uuid

e96efff5-793f-430f-b8fb-5c64c83fa232

Last Card Change

2024-03-10

Threat Intelligence Garden

Explorer

DEV-0270, Nemesis Kitten

DEV-0270, Nemesis Kitten

Description

Names

Country

Motivation

First Seen

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks