Security Experts:

Connect with us

Hi, what are you looking for?



Over 1,200 Iranians Targeted in Domestic Surveillance Campaign

More than 1,200 Iranian citizens have been targeted in extensive cyber-surveillance operations backed by the Iranian government, researchers with cybersecurity firm Check Point report.

More than 1,200 Iranian citizens have been targeted in extensive cyber-surveillance operations backed by the Iranian government, researchers with cybersecurity firm Check Point report.

The attacks, which Check Point refers to collectively as Domestic Kitten, have been ongoing for roughly four years, orchestrated by a threat actor tracked as APT-C-50, which executes the campaigns on behalf of the Iranian government.

The targets of these attacks, the researchers say, are the Kurdish minority in Iran, opposition forces, internal dissidents, ISIS advocates, and other individuals that the Iranian regime believes could represent a threat.

A total of 10 unique campaigns were observed to date, including 4 that are currently active. The most recent of these campaigns started in November 2020. Two of the remaining three active campaigns have been ongoing since mid-2017, and the last one since mid-2018.

The attacks employed a broad range of vectors to trick victims into installing a malicious Android application: Telegram channels, text messages containing a link to the software, and an Iranian blog. More than 600 of the targeted individuals had their devices infected.

Dubbed FurBall and based on commercially available spyware called KidLogger, the malware leveraged in these attacks is capable of collecting information such as device identifiers, SMS messages, call logs, contact lists, user accounts, browsing history, and a list of installed applications.

Furthermore, it can access a device’s microphone and camera to record sound and video, can record calls, steal files (including from external storage), track the device’s location, and delete messages and files.

Once on the victim’s device, the malware masquerades itself as a fake mobile security application, a news app, a repackaged version of a game, an Android application store, a wallpaper application, or an application for a restaurant in Tehran.

The recent campaigns, Check Point says, leverage the same infrastructure that was used in attacks detailed in 2018.

In addition to victims in Iran, the operations targeted individuals worldwide, including the United States, the United Kingdom, Afghanistan, Pakistan, Turkey, and more.

Related: Cyberespionage Campaign Targets Android Users in Middle East

Related: Twitter Removes Iran-Linked Accounts Aimed at Disrupting U.S. Presidential Debate

Related: Hackers Collecting Intelligence on Potential Opponents to Iranian Regime

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...