Iran's RampantKitten spy crew were snooping on expats and dissidents for six years

Infosec outfit Check Point says it has uncovered a six-year Iranian cyber-spying campaign directed at expats and dissidents worldwide. The Iranian crew, nicknamed RampantKitten, used a variety of infostealers to help themselves to targets' files, as well as extracting passwords from management software KeePass and breaking …

  1. Fogcat

    "extracting passwords from management software KeePass"

    Is there a vulnerability in KeePass then?

    1. Anonymous Coward
      Big Brother

      My thoughts as well. I suspect that they were accessing the clipboard in systems that they already infiltrated rather than cracking the database, but if there is a flaw in KeePass's encryption it is far bigger news than the rest of the article.

  2. Palpy


    From Wikipedia (yes, low-hanging fruit): "A 2019 Independent Security Evaluators study described KeePass as well as other widely used password managers as being unable to control Windows 10's tendency to leave passwords in cleartext in RAM after they are displayed using Windows controlled GUI.[12] In addition, several github projects (KeeFarce, KeeThief, Lazanga) specifically attack a running KeePass to steal all data; when the host is compromised (sic). KeePass cannot prevent password theft [on a compromised system, they mean?] and 'neither KeePass nor any other password manager can magically run securely in a spyware-infected, insecure environment.'[13]"

    12: Bednarek, Adrian. "Password Managers: Under the Hood of Secrets Management". Retrieved 2019-03-24.

    13: Reichl, Dominik. "KeeFarce". Retrieved 2019-03-24.

    Perhaps Da Rampant Kittens compromised the systems in question, then used publicly available software to attack a running instance of KeePass?

    "The fault, dear Brutus, is not in the stars / But in our fscked-up compromised system."

  3. Anonymous Coward

    And after the Iran-bashing is over.....

    ......maybe we can hear a little about similar shenanigans in Chelmsford.


    Ah.....sorry.....I forgot......the author of the article is QUITE CLEAR about variations in "The Good The Bad and The Ugly"!




    And so on.......

  4. Anonymous Coward

    If Iranian hackers can achieve this

    it should be well within the capabilities of state funded organisations to do exactly the same.

    Thankfully, they're the good guys.

