Iranian SiameseKitten Lyceum APT group

Updated on 2022-11-29

Chinese security firm QiAnXin has published a report on the Lyceum APT, reviewing recent spear-phishing and malware delivery TTPs, most of which have used military-themed lures for distribution. Read more: Targeting energy companies: the Lyceum group's targeted attacks in the Middle East using military hot-topic events as lures

Overview

ClearSky said it discovered new malware associated with the Iranian SiameseKitten (Lyceum) group. The malware is dropped by a PDF file claiming to contain info about drone strikes conducted in Iran. It installs a reverse shell, and ClearSky says the malware is signed using a fake Microsoft certificate that is also used by a variety of other Iranian groups, such as Phosphorus. Read more: Lyceum suicide drone
