A new report on the group known as “CopyKittens” details its increased cyber-attack activity in support of its political ambitions.

The report is co-authored by ClearSky, an Israeli cyber-intelligence company, and Trend Micro, a global leader in cybersecurity solutions.

CopyKittens, which has been active since 2013, recently targeted government, security and academic institutions, and websites in Germany and Turkey as well as United Nations’ employees and organizations in Saudi Arabia, Israel and Jordan.

In an incident detailed in the report, members of the German Bundestag were compromised by watering holes positioned within several legitimate websites that were hacked and linked to harmful third-party sites. Another incident cited explains how a Turkish diplomatic institution was hacked and used as a cover to launch a massive spear phishing campaign, with victims receiving a highly targeted message from a legitimate, known source.

CopyKittens is very persistent, despite lacking technological sophistication and operational discipline. These shortcomings, however, make it relatively noisy, so it is easy to find and monitor, and countermeasures can be applied relatively quickly.

The group has independently developed several new hacking tools. They also use commercially available hacking tools such as Cobalt Strike and Metasploit, which are generally used for penetration testing and thus allow them to stay under the radar.

The extensive report details how its experts gained intimate access to the group’s activity, methods, tools and infrastructure. They have shed new light on the operations and priorities of the intelligence organization operating the group.

Boaz Dolev, CEO, ClearSky Cyber Security, said in an e-mail we received this morning:

“We’ve been tracking CopyKittens for four years and have become very intimate with its operations. Our analysis gives indications about the group’s political motivations. Analysed within this context, these attacks deliver fresh insights.”

The report can be accessed via the ClearSky blog (www.clearskysec.com/tulip) and on the Trend Micro blog (blog.trendmicro.com).

