The Federal Bureau of Investigation has said in an alert that a group of top hackers linked with the Iranian government has been spotted attacking the US private and government sector.

The alert, which was issued last week, did not identify the hackers by name, but the group is tracked by the wider cyber-security community under codenames such as Fox Kitten or Parasite.

A former government cyber-security analyst has described the group as Iran’s “spear tip” for cyber-attacks.

To achieve its objectives, the group known as Fox Kitten chiefly works by attacking high-end, costly network equipment, using exploits for recently disclosed vulnerabilities before companies have had enough time to patch their devices. Because of the kind of devices it attacks, its targets are mostly large private companies and government networks.

Once the attackers gain access to a device, they install a web shell or backdoor, turning the equipment into an entry point into the compromised network.

The FBI notice says these vulnerabilities are still being exploited by the group, which has also expanded its arsenal to include an exploit for CVE-2020-5902, a flaw disclosed in early July that affects BIG-IP, a widely deployed multi-purpose networking device made by F5 Networks.

FBI officials also caution that the group is not targeting any specific sector: any business running an exposed BIG-IP device is likely to be attacked.

While the FBI asked US companies to patch their on-premise BIG-IP devices to prevent successful intrusions, the officials also shared details of a typical Fox Kitten attack, so that businesses can put countermeasures and detection rules in place:

“Following successful compromise of the VPN server, the actors obtain legitimate credentials and establish persistence on the server through webshells. The actors conduct internal reconnaissance post-exploitation using tools such as NMAP and Angry IP scanner. The actors deploy Mimikatz to capture credentials while on the network, and Juicy Potato for privilege escalation. The actors create new users while on the network; the FBI observed one account known to be created by the actors is ‘Sqladmin$’.”
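The post-exploitation behaviour the FBI describes (account creation, reconnaissance and credential-theft tooling) maps directly onto Windows Security events 4720 (user account created) and 4688 (process created). The script below is an added illustration, not code from the FBI alert or the article: it runs a few detection rules over a handful of constructed event records. The event field names follow the Windows Security log schema, but the hostnames, file paths and the exact regexes used to spot each tool are assumptions for the demo and should be tuned to your own environment.

```python
"""Triage Windows Security events for the Fox Kitten post-exploitation
behaviour named in the FBI alert. Added example; the sample events below
are constructed, not real telemetry."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Tools named in the alert. The patterns are assumptions about how these
# tools usually show up in process names or command lines.
TOOL_PATTERNS = {
    "nmap": re.compile(r"\bnmap\b", re.I),
    "angry_ip_scanner": re.compile(r"ipscan|angry\s*ip", re.I),
    "mimikatz": re.compile(r"mimikatz", re.I),
    "juicy_potato": re.compile(r"juicy\s*potato", re.I),
}

# Account name the FBI observed the actors creating. The trailing "$" mimics
# a machine account, so any interactively created "$" account is suspicious
# even when the name differs.
KNOWN_ACTOR_ACCOUNTS = {"sqladmin$"}


@dataclass
class Finding:
    host: str
    event_id: int
    rule: str
    detail: str


def check_event(ev: dict) -> List[Finding]:
    """Apply the detection rules to one event record."""
    findings: List[Finding] = []
    eid = ev.get("EventID")
    host = ev.get("Computer", "?")
    if eid == 4720:  # A user account was created
        name = ev.get("TargetUserName", "")
        if name.lower() in KNOWN_ACTOR_ACCOUNTS:
            findings.append(Finding(host, eid, "known_actor_account", name))
        elif name.endswith("$"):
            findings.append(Finding(host, eid, "machine_style_account_created", name))
    elif eid == 4688:  # A new process has been created
        text = f'{ev.get("NewProcessName", "")} {ev.get("CommandLine", "")}'.strip()
        for tool, pattern in TOOL_PATTERNS.items():
            if pattern.search(text):
                findings.append(Finding(host, eid, f"tool_{tool}", text))
    return findings


def scan(events: Iterable[dict]) -> List[Finding]:
    """Run every event through check_event and collect the findings."""
    out: List[Finding] = []
    for ev in events:
        out.extend(check_event(ev))
    return out


def summarize(findings: Iterable[Finding]) -> Dict[str, List[str]]:
    """Map each host to the sorted, de-duplicated list of rules it tripped."""
    per_host: Dict[str, set] = {}
    for f in findings:
        per_host.setdefault(f.host, set()).add(f.rule)
    return {host: sorted(rules) for host, rules in per_host.items()}


# Constructed sample events (hostnames and paths are made up for the demo).
SAMPLE_EVENTS = [
    {"EventID": 4720, "Computer": "VPN-SRV01", "TargetUserName": "Sqladmin$",
     "SubjectUserName": "Administrator"},
    {"EventID": 4720, "Computer": "VPN-SRV01", "TargetUserName": "jdoe",
     "SubjectUserName": "Administrator"},
    {"EventID": 4688, "Computer": "VPN-SRV01",
     "NewProcessName": "C:\\Users\\Public\\scan.exe",
     "CommandLine": "nmap -sn 10.0.0.0/24"},
    {"EventID": 4688, "Computer": "FILE-SRV02",
     "NewProcessName": "C:\\Windows\\Temp\\mimikatz.exe", "CommandLine": ""},
    {"EventID": 4688, "Computer": "FILE-SRV02",
     "NewProcessName": "C:\\Windows\\Temp\\JuicyPotato.exe", "CommandLine": ""},
    {"EventID": 4688, "Computer": "VPN-SRV01",
     "NewProcessName": "C:\\Users\\Public\\ipscan-3.7.exe", "CommandLine": ""},
    {"EventID": 4688, "Computer": "FILE-SRV02",
     "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": ""},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.host:<10} {f.event_id} {f.rule:<32} {f.detail}")
    print(summarize(scan(SAMPLE_EVENTS)))
```

Rules keyed on tool names are easy to evade by renaming binaries, so in practice they belong beside behavioural rules (LSASS access, unusual logons from the VPN appliance) rather than in place of them; the "$"-suffixed account rule is the cheapest and hardest to dodge of the set because it keys on the artefact the alert itself documents.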
