Iranian hackers known as “Ferocious Kitten” have used the reputation of one of the administration’s most prominent critics to deceive dissidents in an online surveillance program that has been running undetected for at least six years.
The cyber-espionage operation, run by a group known as Ferocious Kitten, was designed to steal data from users’ computers and hijack the Telegram app, commonly used by the opposition to evade regime oversight.
“The content of the decoy document suggests that attackers are particularly chasing supporters of domestic protests,” said Kaspersky, the cybersecurity company that first learned about the malware in March.
According to Kaspersky, Ferocious Kitten sent email containing videos of dissident protests and resistance camps, along with hidden malicious software that monitors the computer activity of those who downloaded it.
While the malicious software was being downloaded, a message was displayed on the screen claiming to be from Hussein Jafari, a political prisoner in the 1980s.
“Please add my name to Iraj Mesdaghi’s prisoner’s statement about bloodthirsty mercenaries,” the message said. “Use the nickname Jafar for myself and my family.”
Former exiled political prisoner Mesdaghi, who spent 10 years in three prisons, said he didn’t know what the message meant, and Jafari didn’t even know. But he said cyber-spying is typical of repeated attempts by the administration to trap foreign dissidents.
“This is the first time they have used my name,” he said. “Of course, that has no effect on me, but they try, and they are very positive about these things.”
The malware, known as MarkiRat, allowed Ferocious Kitten to download and upload materials from the user’s computer. According to Kaspersky, all the victims of this operation appeared to be Iranian and Persian-speaking.
Researchers said Ferocious Kitten appears to be “very active” and may be modifying its tactics to continue targeting opponents.
Read the complete article at: Illinois News Today