Hackread reports that Censys researchers have identified infrastructure that the Iranian cyberespionage group Fox Kitten could use in future intrusions: three previously unknown hosts that share the same patterns and Autonomous Systems as known Fox Kitten infrastructure and are suspected to belong to it, as well as a pair of hosts that match the same domain indicators of compromise.
Aside from using dynamic IP addresses, Fox Kitten also sought to conceal its attack infrastructure by spreading hosts across many Autonomous Systems and by using spurious certificate names, according to the Censys report, which built on data from the joint FBI, Cybersecurity and Infrastructure Security Agency, and Department of Defense Cyber Crime Center advisory.
Further analysis revealed a pair of domain IOCs not previously detailed in the joint cybersecurity advisory, similarities in geolocation and Autonomous System numbers among the hosts, and more than 38,000 similar hosts suspected to be malicious. Such findings could be used to aid further discovery of Fox Kitten infrastructure, researchers said.