Iranian hacker group selling server access on underground forums

According to a new CrowdStrike report, an actor associated with "Pioneer Kitten," a contractor for the Iranian intelligence service, advertised access to servers for sale on an underground forum in July.

Pioneer Kitten, also tracked by cybersecurity firms as Fox Kitten and Parasite, has been active since 2017 with a broad array of interests. Per CrowdStrike, those include "technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail" sectors.

The contractor relies on several open-source tools and on SSH tunneling (creating an encrypted tunnel through an SSH connection) to gain access. It also takes advantage of publicly known vulnerabilities in VPNs and network devices, including Pulse Secure Pulse Connect Secure 8.2, Citrix Application Delivery Controller (ADC) and Gateway (previously sold as NetScaler ADC and Gateway), and F5 Networks BIG-IP load balancer.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
