IRG0097

Domestic KittenDomestic Kitten

Also known as: Bouncing Golf · APT-C-50 · Domestic Kitten

Origin
IR
Known aliases
3

Profile

An extensive surveillance operation targets specific groups of individuals with malicious mobile apps that collect sensitive information on the device along with surrounding voice recordings. Researchers with CheckPoint discovered the attack and named it Domestic Kitten. The targets are Kurdish and Turkish natives, and ISIS supporters, all Iranian citizens.

Aliases· 3

Bouncing GolfAPT-C-50Domestic Kitten

MITRE ATT&CK Group crosswalk

G0097

References

  1. https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/
  2. https://www.trendmicro.com/en_us/research/19/f/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east.html
  3. https://www.welivesecurity.com/2022/10/20/domestic-kitten-campaign-spying-iranian-citizens-furball-malware/
  4. https://research.checkpoint.com/2021/domestic-kitten-an-inside-look-at-the-iranian-surveillance-operations/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Caracal Kitten
Actor
TRACER KITTEN
Actor
Ferocious Kitten
Actor
Rocket Kitten
Actor
Flash Kitten
Actor
Cutting Kitten
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.