Threat Actor Profile
Ferocious Kitten
Ferocious Kitten is an Iranian-aligned advanced persistent threat (APT) group first identified in 2015. The group primarily conducts cyber espionage operations, focusing on Middle Eastern targets, though it has also been observed reaching into global networks. Known for using malicious Telegram applications as a lure, Ferocious Kitten is affiliated with broader Iranian state-backed activity clusters. Its primary methods are surveillance malware, phishing, and social engineering campaigns.
Country of Origin
Ferocious Kitten is attributed to Iran, with a strong nexus to state-aligned intelligence and domestic security operations. This attribution is widely supported by multiple threat intelligence vendors.
Members
The exact size and composition of Ferocious Kitten remain unclear. Their operations, however, often reflect coordination among highly skilled attackers, leveraging custom tooling and advanced espionage techniques — indicative of contractor or state-sponsored capabilities.
Leadership
No specific leaders or aliases have been publicly identified for this group.
Ferocious Kitten TTPs
Tactics
Primarily engages in cyber espionage campaigns to gather intelligence on dissidents, regional rivals, and geopolitical targets.
Techniques
Weaponized Telegram applications embedding malware.
Credential theft and spyware installation.
Social engineering through fake messaging apps.
Procedures
Deployment of custom malware such as MarkiRAT.
Malicious updates through compromised apps.
Covert surveillance of targets' communications.
Notable Cyberattacks
2015-2021
Use of malicious Telegram apps to spy on Iranian citizens.
2021
Check Point documented campaigns delivering MarkiRAT via Trojanized Telegram apps targeting Android users in Iran and abroad.
Law Enforcement & Arrests
No arrests or takedowns have been publicly attributed to Ferocious Kitten activity.
How to Defend Against Ferocious Kitten
Enforcing mobile device management (MDM) to block unauthorized apps.
Continuous endpoint monitoring to detect spyware and RAT behavior.
User education on avoiding unofficial app sources and phishing.
Leveraging Huntress’s managed endpoint detection and response (EDR) to proactively identify malicious behaviors like RAT installation and exfiltration.
Huntress solutions help protect organizations by monitoring endpoints, detecting intrusions, and mitigating Ferocious Kitten threats with enterprise-grade technology.