Adversary: Remix Kitten - Threat Actor | Crowdstrike Adversary Universe

Adversary

Remix Kitten

Origins

Iran

Community identifiers

Chafer, Cadelle, APT39, ITG07

Remix Kitten is an Iran-nexus adversary active since at least 2012, that CrowdStrike Intelligence assesses with high confidence operates in support of Iran’s Ministry of Intelligence and Security (MOIS).

The adversary conducts targeted intrusions in line with likely Iranian government counterintelligence priorities, with an emphasis on collecting data deemed valuable to enable other intelligence operations. Targeted organizations are consistently related to the travel and hospitality sectors, especially entities possessing significant amounts of personal information. It was the target of a series of leaks between 2018 and 2019 that publicized multiple sensitive elements of its operations.

Recent Activity

During the latter half of 2020, Remix Kitten has been identified as continuing to conduct activities against targets in the Middle East. These activities have aligned with the adversary's established tradecraft of favoring custom malware that requires a notable degree of operator interactivity, supplemented with lightly-customized open source tooling. In September 2020, the U.S. Department of the Treasury sanctioned Remix Kitten, its operational front company, and 45 individuals as carrying out targeted intrusion activities on behalf of the MOIS.

Target Nations

  • Flag Icon of the country Canada

    Canada

  • Flag Icon of the country Iran

    Iran

  • Flag Icon of the country Israel

    Israel

  • Flag Icon of the country Jordan

    Jordan

  • Flag Icon of the country Kuwait

    Kuwait

  • Flag Icon of the country Saudi Arabia

    Saudi Arabia

  • Flag Icon of the country Turkey

    Turkey

  • Flag Icon of the country United Arab Emirates

    United Arab Emirates