Chafer, Cadelle, APT39, ITG07
Remix Kitten is an Iran-nexus adversary active since at least 2012, that CrowdStrike Intelligence assesses with high confidence operates in support of Iran’s Ministry of Intelligence and Security (MOIS).
The adversary conducts targeted intrusions in line with likely Iranian government counterintelligence priorities, with an emphasis on collecting data deemed valuable to enable other intelligence operations. Targeted organizations are consistently related to the travel and hospitality sectors, especially entities possessing significant amounts of personal information. It was the target of a series of leaks between 2018 and 2019 that publicized multiple sensitive elements of its operations.
During the latter half of 2020, Remix Kitten has been identified as continuing to conduct activities against targets in the Middle East. These activities have aligned with the adversary's established tradecraft of favoring custom malware that requires a notable degree of operator interactivity, supplemented with lightly-customized open source tooling. In September 2020, the U.S. Department of the Treasury sanctioned Remix Kitten, its operational front company, and 45 individuals as carrying out targeted intrusion activities on behalf of the MOIS.
United Arab Emirates