Check Point identified specific details and analyzed cyber-espionage activity conducted by the group Rocket Kitten, with possible ties to the Iranian Revolutionary Guard Corps.
Led by researchers in Check Point’s Threat Intelligence and Research Area, the data paints a picture of strategic malware attacks supported by persistent spear phishing campaigns.
The details show the Rocket Kitten group actively targeted individuals and organizations in the Middle East, as well as across Europe and in the United States, documenting specifics such as:
- Business and government sectors across Saudi Arabia, including news agencies and journalists; academic institutions and scholars; human rights activists; military generals; and members of the Saudi royal family
- Embassies, diplomats, military attachés and ‘persons of interest’ across Afghanistan, Turkey, Qatar, UAE, Iraq, Kuwait and Yemen, as well as NATO commands in the region
- Dozens of Iran researchers, as well as European Union Iran research groups, specifically in the fields of foreign policy, national security and nuclear energy.
- Venezuelan trade and finance targets
- Former Iranian citizens of various influential positions
- Islamic and anti-Islamic preachers and groups; famous columnists and cartoonists; TV show hosts; political parties; and government officials.
Researchers were also able to trace and unmask the true identity of an aliased attacker, identified as “Wool3n.H4T,” as one of the prominent figures behind the campaign. Further, based on the nature of the attacks and their repercussions, researchers suggest Rocket Kitten’s motives were aligned with nation-state intelligence interests, aimed at extracting sensitive information from targets.
The complete report is available here.