Iran's Nemesis Kitten Hacked U.S. Merit Systems Protection Board to Implant Crypto Miner

European regulators warn about Qatar World Cup app, UK blocks takeover of chipmaker citing risk to national security, RapperBot emerges with new campaign, more

Follow Metacurity on Mastodon @metacurity@infosec.exchange!

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory that an Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.

Sources say the agency affected is the U.S. Merit Systems Protection Board. Security researchers say the hacking group is Nemesis Kitten, which conducts destructive, disruptive, and snooping operations on behalf of the Iranian government, but they also carry out attacks for financial gain. The presence of the crypto miner is peculiar, although it might have been meant to obfuscate other activities like espionage or mislead the incident response team.

The Board is a quasi-judicial agency that adjudicates grievances from federal government employees in areas such as whistleblower retaliation. After deploying the cryptocurrency miner, the Iranian threat actors also set up reverse proxies on compromised serv…