Ajax Security Team
Also known as: Operation Woolen-Goldfish · AjaxTM · Rocket Kitten · Flying Kitten · Operation Saffron Rose
Overview
Ajax Security Team is a group that has been active since at least 2010 and is believed to be operating out of Iran. By 2014, Ajax Security Team had transitioned from website defacement operations to malware-based cyber espionage campaigns targeting the US defense industrial base and Iranian users of anti-censorship technologies.
Targets
Activists · Aerospace · Civil society · Defense · Education · Gas · Government · Journalists · Military · Oil · Research - Innovation
Regions
Afghanistan · Canada · Egypt · Iran · Iranian internet activists · Iraq · Israel · Jordan · Kuwait · Saudi Arabia · Syria · Turkey · United Arab Emirates · United Kingdom · United States · Venezuela · Yemen
TTPs — 6 techniques across 5 tactics
Initial Access
- T1566.001 Spearphishing Attachment
- T1566.003 Spearphishing via Service
Execution
- T1204.002 Malicious File
Credential Access
- T1555.003 Credentials from Web Browsers
Collection
- T1056.001 Keylogging
Command and Control
- T1105 Ingress Tool Transfer
Tools & malware (2)
sqlmap · Havij
Reporting (3)
- Flying Kitten to Rocket Kitten, A Case of Ambiguity and Shared Code — Iran Threats
- Operation Woolen-Goldfish - When Kittens Go phishing — Cedric Pernet, Kenney Lu
- ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES — Check Point Software Technologies