New Iranian Espionage Campaign By “Siamesekitten” (Lyceum)
released on 2021-08-18 @ 11:14:57 AM
At the beginning of May 2021, the first attack by Siamesekitten on an IT company in Israel was detected.
Siamesekitten (also named Lyceum/Hexane) is an Iranian APT group operating in the Middle East and in
Africa that actively launches supply chain attacks. To this end, Siamesekitten established a large
infrastructure that enabled them to impersonate the company and its HR personnel. We believe that
this infrastructure was built to lure IT experts and penetrate their computers in order to gain access to the
company’s clients.
In July 2021, a second wave of similar attacks against additional companies in Israel was detected. In
this wave, Siamesekitten upgraded their backdoor malware to a new version called “Shark”, which
replaced the old version of their malware, called “Milan”.