According to a new Crowdstrike report, an actor associated with a contractor for the Iranian intelligence service known as "Pioneer Kitten" advertised selling access to servers on an underground forum in July.
Pioneer Kitten, also tracked by cybersecurity firms as Fox Kitten and Parasite, has been active since 2017 with a broad array of interests. Per Crowdstrike, those include "technology, government, defense, healthcare, aviation, media, academic, engineering, consulting and professional services, chemical, manufacturing, financial services, insurance, and retail" sectors.
The contractor relies on several open-source tools and SSH tunneling – creating an encrypted tunnel through an SSH connection to gain access. It also takes advantage of publicly known vulnerabilities in VPNs as well as network devices, including Pulse Secure Pulse Connect Secure 8.2, Citrix Application Delivery Controller (ADC) and GateWay (previously sold as NetScaler ADC and Gateway and F5 Networks BIG-IP load balancer).