PIONEER KITTEN, the untold story of the Iranian hacking group

One of the main tasks of national security agencies in multiple countries is to identify the source of potential external threats, including hacking groups. Web security experts say that one of the most notorious cybercriminal cells of the past couple of years has been identified as PIONEER KITTEN, a group operating from Iran.

Various intelligence reports mention that Pioneer Kitten has been active since at least 2017 and is highly likely to have ties to the Iranian government. The group appears particularly interested in gaining access to the corporate networks of public and private entities that handle sensitive information of interest to the Government of Iran.

Investigators believe it is not Iran’s government itself that operates Pioneer Kitten, but that the group is a contractor hired by the authorities for espionage tasks. However, one of the most comprehensive reports on this group, prepared by CrowdStrike Intelligence, notes that there is not enough verified information about it, so many of these claims remain speculation.

This is not to say that there is no evidence of Pioneer Kitten’s activities: a couple of months ago, a hacker allegedly linked to the group was discovered trying to sell access to a compromised corporate network on a dark web forum. Web security researchers believe Pioneer Kitten is trying to diversify its activities beyond espionage.

As for attack methods, incidents linked to Pioneer Kitten show a particular interest in exploiting Internet-facing remote services, mainly vulnerabilities in virtual private network (VPN) products and network appliances. Among the flaws most exploited by Pioneer Kitten are CVE-2019-11510 (Pulse Secure VPN arbitrary file read), CVE-2019-19781 (Citrix ADC and Gateway directory traversal) and CVE-2020-5902 (F5 BIG-IP TMUI remote code execution). All three affect edge devices that sit in front of the corporate network, so the appliance’s own web access logs are usually the first place exploitation attempts show up.
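The three CVEs above are all reached through recognizable request paths, which makes appliance access logs a cheap place to hunt for attempts. The following script is an added example, not code from the original article or from any of the vendors mentioned: it parses common-log-format lines, tags each request with the CVE whose published exploit request shape it matches, and groups hits by source address. The regexes are this example’s own simplifications of the well-known exploit paths, and the log lines are constructed for the demonstration (RFC 5737 test addresses, invented timestamps).

```python
import re
from typing import Dict, List, Optional, Tuple

# Request-path signatures for the three VPN/appliance CVEs named in the text.
# These are this example's own regexes for the commonly published exploit
# request shapes, not an official or exhaustive ruleset.
SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    # Pulse Secure: traversal out of /dana-na/ to read arbitrary files
    "CVE-2019-11510": re.compile(r"/dana-na/\.\./dana/html5acc/guacamole/(\.\./)+", re.I),
    # Citrix ADC/Gateway: /vpn/../vpns/ reaches unauthenticated Perl scripts and config
    "CVE-2019-19781": re.compile(r"/vpn/\.\./vpns/", re.I),
    # F5 BIG-IP TMUI: the "/..;/" path-parameter trick bypasses the login check
    "CVE-2020-5902": re.compile(r"/tmui/login\.jsp/\.\.;/", re.I),
}

# Common log format: src ident user [time] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (hypothetical traffic, not real incident data).
SAMPLE_LOG: List[str] = [
    '192.0.2.10 - - [10/Sep/2020:14:02:11 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1684',
    '198.51.100.7 - - [10/Sep/2020:14:05:42 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 342',
    '203.0.113.5 - - [10/Sep/2020:14:09:03 +0000] "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Sep/2020:14:11:19 +0000] "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 200 2091',
    '192.0.2.44 - - [10/Sep/2020:14:12:00 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5120',
    'garbage line that does not parse',
]


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one common-log-format line into fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(path: str) -> Optional[str]:
    """Return the CVE id whose exploit request signature matches this path, else None."""
    for cve, pattern in SIGNATURES.items():
        if pattern.search(path):
            return cve
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (source, cve, status, path) for every line matching a signature."""
    hits: List[Tuple[str, str, str, str]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable lines are skipped, not treated as hits
        cve = classify(rec["path"])
        if cve is not None:
            hits.append((rec["src"], cve, rec["status"], rec["path"]))
    return hits


def by_source(hits: List[Tuple[str, str, str, str]]) -> Dict[str, List[str]]:
    """Group matched CVEs per source address, for triage ordering."""
    grouped: Dict[str, set] = {}
    for src, cve, _status, _path in hits:
        grouped.setdefault(src, set()).add(cve)
    return {src: sorted(cves) for src, cves in grouped.items()}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for src, cve, status, path in found:
        print(f"{src:15} {cve:15} status={status} {path}")
    print(by_source(found))
```

A 200 status with a non-zero response size on one of these traversal requests is the line to triage first: it suggests the appliance actually served the file rather than rejecting the path. Two caveats: a reverse proxy that normalizes URLs before logging will collapse the `..` segments and hide the first two signatures, so check the appliance’s own logs rather than an upstream proxy’s; and once an attacker has used the vulnerability to plant a web shell or steal VPN session data, later activity will look like ordinary authenticated use, so a clean log from today does not clear a device that was exposed and unpatched in 2019 or 2020.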

Web security experts report that the group’s operations are characterized by a reliance on SSH tunnels, set up with tools such as ngrok and SSHMinion, in addition to the use of Remote Desktop Protocol (RDP) inside compromised networks.

Pioneer Kitten’s main victims are organizations based in the United States and Israel, mainly technology and medical services companies, the aeronautics industry, media, financial services and government institutions.

Pioneer Kitten is just one of many state-linked hacking groups; others tracked under the same naming convention include Helix Kitten (Iran), Fancy Bear (Russia), Mythic Leopard (Pakistan) and Goblin Panda (China).