Cyber Resilience

Threat actor · all actors

Fox KittenG0117 state

🇮🇷 IR

aka Fox Kitten, UNC757, Parisite, Pioneer Kitten, RUBIDIUM, Lemon Sandstorm

Last updated: 2026-07-03

2attributed CVEs
54ATT&CK techniques
5.5IDF score (tooling uniqueness)
1exclusive CVEs
2026years active

About this actor

[Fox Kitten](https://attack.mitre.org/groups/G0117) is threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. [Fox Kitten](https://attack.mitre.org/groups/G0117) has targeted multiple industrial verticals including oil and gas, technology, government, defense, healthcare, manufacturing, and engineering.(Citation: ClearkSky Fox Kitten February 2020)(Citation: CrowdStrike PIONEER KITTEN August 2020)(Citation: Dragos PARISITE )(Citation: ClearSky Pay2Kitten December 2020)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-20929 5.57.50.01142026-01-13see CVE
CVE-2018-1579 0.00.00.0000see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-444 / 5481%
CM-641 / 5476%
AC-334 / 5463%
CM-234 / 5463%
AC-232 / 5459%
AC-631 / 5457%
CM-729 / 5454%
IA-225 / 5446%
AC-523 / 5443%
CA-723 / 5443%
CM-522 / 5441%
SI-322 / 5441%
RA-520 / 5437%
SI-719 / 5435%
AC-418 / 5433%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Same nation-state