Researchers Catch Cyber-Espionage Groups After Hackers Infect Their Own Systems

A cyber-espionage group who is believed to be tied to the Iranian Government, and has targeted over 1,600 defense officials, diplomats, researchers, journalists and more, may have just landed themselves in their own hacking trap. The group known as “Rocket Kitten” has been going since 2014, and for quite some time, their attacks have been analyzed by security teams trying to not only track them down, but to also prevent further security breaches. However, a team of researchers at Check Point Software Technologies caught a lucky break when they obtained access to the attacker’s command-and-control server.

It’s reported that Rocket Kitten is not very sophisticated, but rather persistent with their attacks. Using social engineering and phishing attacks to infect targets with malware. Researchers say the team left a major weakness in their infrastructure, allowing them to extract messages between members of the hacking group, as well as a list of over 1,600 intended victims in Saudi Arabia, the U.S., Iran, the Netherlands and Israel, that were targeted between August 2014 and 2015.

“It seems that the attackers did not take into consideration the possible compromise of their own command-and-control server and have infected their own computers with their custom keylogger-type malware, most likely for testing purposes.” reported CIO

By infecting their own computers with the malware they’ve been using to attack others, researchers believe they have been able to identify an Iranian software engineer who developed the tools for Rocket Kitten.