• Also known as Lyceum. The group has also been connected to OilRig.
Siamesekitten was first detected using fake job postings and applications to phish software engineers in Israel. The attacker's goal appeared to be to escalate access once it had compromised the initial networks and to launch phishing attacks against other individuals and organizations. The malware toolkit used in Siamesekitten's attacks is geared towards reconnaissance.
Suspected victims
  • Israeli software companies
Suspected state sponsor
  • Iran (Islamic Republic of)
Type of incident
  • Espionage
Target category
  • Private sector