Threats Feed | Static Kitten | Last Updated: 25/07/2024 | Author: Certfa Radar | Publish Date: 09/02/2021

Static Kitten Launches Cyberespionage Attack on UAE and Kuwait Government Sectors

  • Actor Motivations: Espionage, Exfiltration
  • Attack Vectors: Malware, Spear Phishing
  • Attack Complexity: High
  • Threat Risk: High Impact/High Probability

Threat Overview

The cyberespionage group, Static Kitten, launched a cyber attack primarily targeting the government sectors of the United Arab Emirates (UAE) and Kuwait. Using geopolitical lures and masquerading as the Ministry of Foreign Affairs (MOFA) of Kuwait, the attackers aimed to install a remote management tool called ScreenConnect on victims' devices. The campaign involved phishing emails, URL masquerading, and delivering ZIP files that purport to contain relevant documents but instead initiate the ScreenConnect installation process.

Detected Targets

Type | Description | Confidence
Case | Ministry of Foreign Affairs - Kuwait: The Ministry of Foreign Affairs is one of the governmental bodies of Kuwait and part of the cabinet. It was started in 1961. The Ministry of Foreign Affairs - Kuwait has been targeted by Static Kitten for abusive purposes. | Verified
Case | National Media Council: The National Media Council is a federal institution of the United Arab Emirates that was established by virtue of Federal Law No. 1 of 2006. It promotes and supports all media-related initiatives and activities in the U.A.E. and abroad. The National Media Council has been targeted by Static Kitten for abusive purposes. | Verified
Case | Secretariat General of the Gulf Cooperation Council: The Secretariat is the executive arm of the Gulf Cooperation Council. The Secretariat General of the Gulf Cooperation Council has been targeted by Static Kitten for abusive purposes. | Verified
Sector | Government Agencies and Services | Verified
Region | Kuwait | Verified
Region | United Arab Emirates | Verified

Extracted IOCs


Tip: 11 IOCs related to this threat have been found (1 IP, 3 domains, 2 URLs, 0 emails, 5 file hashes).

Overlaps

MuddyWater: MuddyWater Targets Global Sectors with Phishing and BugSleep Backdoor

Source: Check Point - July 2024

Detection (one case): ws.onehub[.]com

MuddyWater: MuddyWater Expands Cyber Espionage Tactics Using Atera Agents Across Multiple Sectors

Source: HarfangLab - April 2024

Detection (one case): ws.onehub[.]com

MuddyWater: MuddyWater Group Adopts New Tactics in Spear-Phishing Campaigns

Source: Malwation - March 2024

Detection (one case): ws.onehub[.]com

MuddyWater: MuddyWater's Covert Phishing Campaign Targets Israeli Government Sectors

Source: National Cyber Array of Israel - March 2024

Detection (one case): ws.onehub[.]com

MuddyWater: MuddyWater's Renewed Cyber Campaign Targets Israeli Entities

Source: Deep Instinct - November 2023

Detection (one case): ws.onehub[.]com

MuddyWater: MuddyWater Expands Its Reach: A Deep Dive into the Earth Vetala Intrusion

Source: Trend Micro - March 2021

Detection (two cases): 3e4e179a7a6718eedf36608bd7130b62a5a464ac301a211c3c8e37c7e4b0b32b, b2f429efdb1801892ec8a2bcdd00a44d6ee31df04721482a1927fc6df554cdcf

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.

About Affiliation
Static Kitten