Check Point details Iranian hacker group’s ongoing espionage campaign | HT Tech

Check Point details Iranian hacker group’s ongoing espionage campaign

The hacker group nicknamed ‘Rampant Kitten’ has developed an Android backoor that steals 2FA codes, and ran phishing programs on Telegram as well.  

| Updated on: Sep 20 2020, 11:23 IST
Check Point's report explains the hacker group's espionage in detail.
Check Point's report explains the hacker group's espionage in detail.

Check Point Research revealed details on an Iranian hacker group that has developed tools to steal information from Windows systems, Telegram and even via SMS. According to the researchers at Check Point, these hacking tools were primarily used against Iranian minorities, anti-regime organisations and resistance movements.

Check Point researchers have named this hacker group “Rampant Kitten”, and they've been active for around six years. In a report, Check Point detailed the different hacking tools deployed by the group. One includes four variants of Windows infostealers that can steal the user's personal documents. It can also get access to the user's Telegram desktop app, and KeePass account information as well.

You may be interested in

MobilesTablets Laptops
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
27% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

The hackers also developed an Android backdoor that can extract two-factor authentication codes from SMS messages. This Android backdoor is disguised as an app that helps Persian speakers in Sweden get their driver's license. In addition to 2FA, it can also gain access to personal information like contacts and account details, device information and activate voice recording. It can even perform Google account phishing attacks.

Also read
Looking for a smartphone? To check mobile finder click here.

Telegram is another popular platform for these hackers to exploit. In some cases, the hackers posed as the official Telegram account and hosted phishing pages on the platform. Similar to the authentic Telegram account, this one too would start out by sending messages of the app's updates. It was only after a few days that the account would send phishing messages. The messages warned users of their accounts being reported for misusing Telegram, and they have to verify their account by clicking on a link.

Considering the groups that are targeted by this hacking group, Check Point's report highlights that the hackers want to understand the behaviour and activities of the victims. Check Point suspects another similar case to occur where hackers try to get information on the same group of people.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 20 Sep, 11:23 IST