Names	Clever Kitten (CrowdStrike)
Group 41 (Talos)
Country	Iran Iran
Motivation	Information theft and espionage
First seen	2013
Description	(CrowdStrike) Clever Kitten primarily targets global companies with strategic importance to countries that are contrary to Iranian interests.

Clever Kitten actors have a strong affinity for PHP server-side attacks to make access; this is relatively unique amongst targeted attackers who often favor targeting a specific individual at a specific organization using social engineering. Some attackers have moved to leveraging strategic web compromises. The reason for this is likely the availability of exploits against web browsers, which for a variety of reasons allows an attacker to bypass security features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR).
Observed	Sectors: Global companies with strategic importance to countries that are contrary to Iranian interests..
Tools used	Acunetix Web Vulnerability Scanner, RC SHELL.
Information	<https://www.crowdstrike.com/blog/whois-clever-kitten/>
Last change to this card: 14 April 2020