What Is 'Rocket Kitten,' Purported Iranian Hacking Group?


A new government report that details threats from state-sponsored hackers in China, Russia and Iran is a bit unusual in that it includes some references to specific hacking groups -- among these, the curiously named "Rocket Kitten."

The report, published Thursday by the National Counterintelligence and Security Center (NCSC), says Rocket Kitten is an "Iranian hacker group" that "consistently targets U.S. defense firms, likely enabling Tehran to improve its already robust missile and space programs with proprietary and sensitive U.S. military technology."

Read More: The State of Cyber Threats: China, Russia and Iran

While Rocket Kitten may not have the name recognition of some other state-backed hacking teams -- I'm looking at you Fancy Bear -- it's been around for years.

A 2015 report from the Israeli cybersecurity firm ClearSky said that the firm, along with Trend Micro, had been monitoring the group's alleged activities for months.

"Rocket Kitten has been operating since at least mid-2014," the report says. "The group operates against numerous targets in the middle-east including Israelis, Iranian exiles, and enemies of Iran. The targets are researchers and practitioners in the fields of policy, government and international relations, security, defense, journalism, human rights, and others... Our research suggests that the group's intention is to obtain sensitive information and perform espionage, as they are ideologically motivated."

Related: NASA Years Behind on Cybersecurity Strategy, Report Says

Around the same time, Trend Micro wrote, "Based on collected findings, Rocket Kitten seems to be part of a foreign political espionage campaign. The group does not seem to be after monetary gain, but rather keeping tabs on key personalities that have personal affiliation with foreign policy and defense actors."

According to the NSCS report, it appears Rocket Kitten has decided to break out of regional spy games and attack U.S. firms directly. Speaking more generally of Iranian "cyber activity," the report says Iranian hackers "aggressively targeted U.S. technologies with high value to the Iranian government. The loss of sensitive information and technologies not only presents a significant threat to U.S. national security. It also enables Tehran to develop advanced technologies to boost domestic economic growth, modernize its military forces, and increase its foreign sales."

The report notes that another group believed to be backed by Iran, OilRig, was also once focused on targets in the Middle East, but has recently "increased its targeting of U.S. financial institutions and information technology companies."

Related: It's 2018 and No One's in Charge of US Cyber Policy

[Like what you see and read on Code and DaggerBecome a Patreon and help keep the lights on. Do you have a tip or question? Reach out at CodeAndDagger@protonmail.com.]

The Other US-Russia Helsinki Summit: 'Very Friendly,' No 'Particular Achievements'

The State of Cyber Threats: China, Russia and Iran