Threat Actor Profile
Copy Kittens
Copy Kittens, also known as Slayer Kitten, is an Iranian cyberespionage group active since at least 2013. Affiliated with Iranian state interests, the group employs advanced tactics, techniques, and procedures (TTPs) to target governments, IT, and media sectors globally. Their campaigns, such as Operation Wilted Tulip, highlight their focus on information theft and espionage.
Country of Origin
Members
Leadership
Copy Kittens TTPs
Tactics
The group primarily focuses on information theft, espionage, and enabling ransomware attacks. Their targets include government entities, IT infrastructure, and media organizations.
Techniques
Copy Kittens exploits vulnerabilities in public-facing applications, uses phishing campaigns, and deploys custom malware like Matryoshka RAT and Cobalt Strike.
Procedures
The group employs social engineering, webshells, and credential harvesting to infiltrate networks. They also leverage tools like EmpireProject and TDTESS for persistence and lateral movement.
Notable Cyberattacks
Operation Wilted Tulip (2013)
Jerusalem Post Breach (2017)
Law Enforcement & Arrests
No arrests have been reported. The group continues to operate with impunity, leveraging state-level resources.
How to Defend Against Copy Kittens
Regularly patch vulnerabilities in public-facing applications.
Monitor for IOCs like suspicious IPs and domains.
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Copy Kittens threats with enterprise-grade technology.