Introduction
BANISHED KITTEN is an Iranian state-nexus adversary active since at least 2008. The adversary is best known for the July and September 2022 disruptive attacks targeting Albanian government infrastructure and for using the HomelandJustice persona to leak stolen data. BANISHED KITTEN has also likely targeted dissidents using the AllinOneNeo malware family.
Activities and Tactics
Targeted Sectors: Government, Healthcare, Pharmaceuticals, High-Tech, Telecommunications, Education, Media, NGOs, Civil Society
Country of Origin: 🇮🇷 Iran
Risk Level: High
Incident Type: Espionage, Information Operations, Sabotage
Suspected Victims: United States, Israel, Middle East, Europe
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: Iran
Additional attribution information pending cataloguing.
References
References pending cataloguing.