Fox Kitten · G0117 · state
🇮🇷 IR
aka Fox Kitten, UNC757, Parisite, Pioneer Kitten, RUBIDIUM, Lemon Sandstorm
Last updated: 2026-07-03
About this actor
[Fox Kitten](https://attack.mitre.org/groups/G0117) is a threat actor with a suspected nexus to the Iranian government that has been active since at least 2017 against entities in the Middle East, North Africa, Europe, Australia, and North America. [Fox Kitten](https://attack.mitre.org/groups/G0117) has targeted multiple industrial verticals including oil and gas, technology, government, defense, healthcare, manufacturing, and engineering. (Citation: ClearkSky Fox Kitten February 2020)(Citation: CrowdStrike PIONEER KITTEN August 2020)(Citation: Dragos PARISITE)(Citation: ClearSky Pay2Kitten December 2020)
Source: MITRE ATT&CK
Activity timeline
- 2026 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2026-20929 | 5.5 | 7.5 | 0.0114 | 2026-01-13 | see CVE |
| CVE-2018-1579 | 0.0 | 0.0 | 0.0000 | | see CVE |

T1003, T1003.001, T1003.003, T1005, T1012, T1018, T1021, T1021.001, T1021.002, T1021.004, T1021.005, T1027, T1027.010, T1027.013, T1036, T1036.004, T1036.005, T1039, T1046, T1053, T1053.005, T1059, T1059.001, T1059.003, T1078, T1083, T1087, T1087.001, T1087.002, T1090, T1102, T1105, T1110, T1136, T1136.001, T1190, T1210, T1213, T1213.005, T1217, T1505, T1505.003, T1530, T1546, T1546.008, T1552, T1552.001, T1555, T1555.005, T1560, T1560.001, T1572, T1585, T1585.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 44 / 54 | 81% |
| CM-6 | 41 / 54 | 76% |
| AC-3 | 34 / 54 | 63% |
| CM-2 | 34 / 54 | 63% |
| AC-2 | 32 / 54 | 59% |
| AC-6 | 31 / 54 | 57% |
| CM-7 | 29 / 54 | 54% |
| IA-2 | 25 / 54 | 46% |
| AC-5 | 23 / 54 | 43% |
| CA-7 | 23 / 54 | 43% |
| CM-5 | 22 / 54 | 41% |
| SI-3 | 22 / 54 | 41% |
| RA-5 | 20 / 54 | 37% |
| SI-7 | 19 / 54 | 35% |
| AC-4 | 18 / 54 | 33% |
Co-occurring actors
- Mustang Panda: 1 shared CVE
- SolarWinds Compromise: 1 shared CVE
- APT38: 1 shared CVE
- Tonto Team: 1 shared CVE
- Ember Bear: 1 shared CVE
- GOLD SOUTHFIELD: 1 shared CVE
- Aquatic Panda: 1 shared CVE
- APT28: 1 shared CVE
- Sandworm Team: 1 shared CVE
- Ajax Security Team: 1 shared CVE
Similar actors
Active in same years
- Operation Dream Job 1.00
- SolarWinds Compromise 1.00
- C0027 1.00
- SharePoint ToolShell Exploitation 1.00
- Ke3chang 1.00
Same nation-state
- HomeLand Justice 1.00
- Outer Space 1.00
- Juicy Mix 1.00
- Cleaver 1.00
- OilRig 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00