Tracer Kitten

Description

(CrowdStrike) In April 2020, OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a telecommunications company in the Europe, Middle East and Africa (EMEA) region. The actor was found operating under valid user accounts, using custom backdoors in combination with SSH tunnels for C2. The adversary leveraged their foothold to conduct a variety of reconnaissance activities, undertake credential harvesting and prepare for data exfiltration.

Telecommunications is currently the third most frequently targeted vertical. This industry still remains firmly within the crosshairs for targeted attacks, the motivations of which are likely associated with espionage and data theft objectives.

Names

Name            Name-Giver
Tracer Kitten   CrowdStrike

Country

Motivation

  • Information theft and espionage

First Seen

2020

Observed Sectors

Observed Countries

Information

Other Information

Uuid

cabd014b-5087-4ff8-b0c8-74202e82fa1d

Last Card Change

2022-12-31