Rocket Kitten APT threat persists after being outted
Nearly six months after exposing the group, Trend Micro and ClearSky published an updated report on Rocket Kitten, a state-sponsored group targeting Israeli and European organisations.
The new report, “The Spy Kittens Are Back: Rocket Kitten 2,” detailed the group's methodology and goals. Both organisations noted that the group conducts its business for cyber-espionage and received no monetary gains. The Advanced Persistent Threat (APT) campaign also had its perpetrators targeting personal accounts, versus corporate ones, which allows them to seamlessly move from a less secure home network to an individual's corporate accounts and network.
An ignored phishing email didn't deter this group - members sent emails daily with slightly altered content to encourage a target to open attachments. In one case, a recipient replied back in Hebrew questioning the email's legitimacy.
The attackers replied in the affirmative in Hebrew and encouraged the person to open attached files.