According to ClearSky's research team, an extensive hacking campaign is currently taking place that has affected companies around the world. Those behind the campaign are Iranian hacking teams who have breached VPN servers and planted bugs and backdoors. Through them, the criminals have managed to gain access to the networks of many companies and organizations around the world.
ClearSky researchers uncovered widespread Iranian attacks on VPN servers during the last quarter of 2019. The campaign was dubbed the “Fox Kitten Campaign”.
“This campaign has been going on for the last three years and targets dozens of companies and organizations around the world,” the security company said.
“Through this campaign, the attackers were able to gain access to and stay in the networks of numerous companies and organizations in the IT, telecommunications, oil, gas, aviation, government and security sectors for a long time,” it added.
The hackers install malware, but their aim is long-term and full control of victim devices.
The purpose of the hacking campaign was to obtain valuable information from the target organizations.
According to experts, the hackers, having access to the target organizations, managed to infiltrate other companies through supply chain attacks.
The Iranian hackers have used various tools to break into the VPN servers. Most were based on open-source code; some were created by the hackers themselves.
Iranian APT teams have been stealing information from dozens of companies around the world over the past three years.
The most successful attacks have exploited vulnerabilities in systems with outdated VPN and RDP services. These vulnerabilities allow attackers to gain access to and control of systems where valuable information is stored.
After compromising the VPN services, the attackers install malware to gain further access to the central corporate network.
Therefore, locating and closing an access point did not necessarily stop the hackers from accessing the network, because they had arranged to open various “passages” with backdoors, etc.
“Iranian APT teams have developed powerful attack techniques and are able to exploit one-day vulnerabilities in relatively short periods of time,” the researchers said.
ClearSky discovered Iranian teams exploiting VPN vulnerabilities within hours of the bugs being reported.
According to data available to date, Iranian hackers have targeted Pulse Secure, Fortinet, Palo Alto Networks and Citrix VPN to gain access to large companies.