A cyber-espionage group that is believed to be tied to the Iranian government, and that has targeted over 1,600 defense officials, diplomats, researchers, journalists and others, may have just landed in a trap of its own making. The group, known as “Rocket Kitten,” has been active since 2014, and for some time its attacks have been analyzed by security teams trying not only to track the group down but also to prevent further breaches. A team of researchers at Check Point Software Technologies caught a lucky break, however, when they obtained access to the attackers’ command-and-control server.
Rocket Kitten is reported to be not especially sophisticated but rather persistent, relying on social engineering and phishing to infect targets with malware. Researchers say the group left a major weakness in its infrastructure, which allowed them to extract messages exchanged between members of the group, as well as a list of over 1,600 intended victims in Saudi Arabia, the U.S., Iran, the Netherlands and Israel who were targeted between August 2014 and 2015.
“It seems that the attackers did not take into consideration the possible compromise of their own command-and-control server and have infected their own computers with their custom keylogger-type malware, most likely for testing purposes,” CIO reported.
Because the group infected its own computers with the same malware it had been using against others, researchers believe they have been able to identify an Iranian software engineer who developed the tools for Rocket Kitten.
“In this case, as in other previously reported cases, it can be assumed that an official body recruited local hackers and diverted them from defacing web sites to targeted espionage at the service of their country,” the Check Point researchers said. “Such inexperienced personnel with limited training often lack operational security awareness,” they added.
Well, there you go. If you’re going to break computer security, learn how to apply it yourself first.