
Iranian SiameseKitten Lyceum APT group

Updated on 2022-11-29

Chinese security firm QiAnXin has published a report on the Lyceum APT, reviewing recent spear-phishing and malware delivery TTPs, most of which have used military-themed lures for distribution. Read more: Targeting energy companies: the Lyceum group's targeted attacks in the Middle East using military hot-topic events as lures

Overview

ClearSky said it discovered new malware associated with the Iranian SiameseKitten (Lyceum) group. The malware is dropped by a PDF file claiming to contain info about drone strikes conducted in Iran. It installs a reverse shell, and ClearSky says the malware is signed using a fake Microsoft certificate that is also used by a variety of other Iranian groups, such as Phosphorus. Read more: Lyceum suicide drone
