HOMETHREATSTRACER KITTEN
APT / THREAT GROUP

TRACER KITTEN

🇮🇷Iran-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

In April 2020, Crowstrike Falcon OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a telecommunications company in the Europe, Middle East and Africa (EMEA) region. The actor was found operating under valid user accounts, using custom backdoors in combination with SSH tunnels for C2. The adversary leveraged their foothold to conduct a variety of reconnaissance activities, undertake credential harvesting and prepare for data exfiltration.

Threat Analysis

TRACER KITTEN is a known-sophistication threat actor attributed to Iran, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

TRACER KITTEN — Active Operations March 2026

TRACER KITTEN is a unknown-motivation threat actor attributed to Iran. In April 2020, Crowstrike Falcon OverWatch discovered Iran-based adversary TRACER KITTEN conducting malicious interactive activity against multiple hosts at a telecommunications company in the Europe, Middle East and Africa (EMEA) region. The actor was found operating under valid...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇮🇷 Iran
Aliases1
SourceMalpedia

Also Known As

TRACER KITTEN

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.