Advisoryseverity: High2024-08-28
CISA/FBI/DC3 joint advisory AA24-241A names Pioneer Kitten as IAB
published by CISA
Actor
Iranian state-affiliated intrusion set publicly attributed by FBI, CISA, and DC3 in joint advisory AA24-241A as connected to the Government of Iran and operating partly through an Iranian IT-services…
Summary
FBI, CISA, and the DoD Cyber Crime Center issued joint advisory AA24-241A attributing a campaign of edge-device exploitation and subsequent access-brokering to ransomware affiliates (including ALPHV/BlackCat and NoEscape) to Iran-based Pioneer Kitten / Fox Kitten, assessed as connected to the Government of Iran. The advisory called out exploitation of Check Point Security Gateway CVE-2024-24919, Palo Alto PAN-OS CVE-2024-3400, and Citrix and F5 n-days as the primary access vectors.
Tags
iranaccess-brokeredge-devicesjoint-advisory