A sophisticated cyber-espionage campaign leveraging artificial intelligence has been methodically targeting Iranian human rights organizations and activists, marking a significant escalation in the technical capabilities of state-aligned threat actors. This operation, attributed to a newly identified group named RedKitten, has been active since late 2025, deploying a multi-stage malware implant designed for persistent surveillance and data exfiltration. The attackers combine advanced social engineering with AI-generated malicious code to bypass traditional security measures, exploiting the very communication tools that activists rely on. By embedding their command-and-control infrastructure within legitimate cloud services like Google Drive and GitHub, and using platforms such as Telegram for data exfiltration, RedKitten effectively camouflages its malicious traffic, making detection and attribution exceptionally challenging. The campaign’s focus on individuals and groups documenting civil unrest in Iran underscores a calculated effort to disrupt and dismantle civil society networks through advanced digital infiltration.
1. Dissecting the RedKitten Threat Actor
RedKitten has emerged as a formidable Iran-aligned advanced persistent threat (APT) group, characterized by its Farsi-speaking operators, high degree of operational security, and technical prowess. Analysis of the group’s tactics, techniques, and procedures reveals significant overlaps with established Iranian APTs, including Tortoiseshell, Nemesis Kitten, and Charming Kitten. This connection is evident in their shared preference for malicious Microsoft Excel documents as an initial infection vector and the use of advanced techniques like AppDomainManager injection. However, RedKitten distinguishes itself through its pioneering adoption of artificial intelligence, specifically large language models (LLMs), to generate and obfuscate the malicious macros and malware payloads used in its attacks. This AI-driven approach not only complicates forensic analysis and reverse engineering but also allows for the rapid creation of polymorphic code that can evade signature-based detection engines, posing a new level of threat to cybersecurity defenses.
The group’s infrastructure design demonstrates a strategic focus on resilience and stealth, leveraging a distributed network of legitimate, high-reputation services to conduct its operations. Instead of relying on dedicated malicious servers that can be easily blacklisted, RedKitten uses public GitHub repositories to host initial configuration data, Google Drive to store steganographically hidden payloads, and the Telegram Bot API for robust command and control (C2) communications. This reliance on trusted cloud platforms creates a significant challenge for network defenders, as blocking these services outright is often operationally infeasible. The content of the lures, which are highly specific to recent Iranian protests and human rights abuses, combined with the sophisticated technical execution, strongly indicates that RedKitten is a state-sponsored entity tasked with monitoring, disrupting, and gathering intelligence on civil society groups perceived as a threat to the regime.
2. Anatomy of an AI-Powered Attack
The initial point of entry for the RedKitten campaign is a meticulously crafted spearphishing attack, delivered through email or secure messaging applications. The payload is concealed within a 7-Zip archive that uses a Farsi filename to enhance its authenticity. Contained within the archive is a macro-enabled Microsoft Excel (XLSM) document, which serves as the primary infection vector. The lure is exceptionally potent, purporting to contain a list of protesters who were killed in Tehran between December 2025 and January 2026. This emotionally charged subject matter is designed to exploit the target’s sense of urgency and trust, compelling them to open the document and enable macros. Once macros are enabled, a Visual Basic for Applications (VBA) script is executed. This script, which shows clear signs of being generated or heavily obfuscated by AI, initiates a dropper routine that discreetly deploys the next stage of the malware onto the victim’s system without raising immediate alarms.
Upon execution, the AI-generated VBA macro drops a C#-based dynamic link library (DLL) named AppVStreamingUX_Multi_User.dll into a specific system directory, %LOCALAPPDATA%\Microsoft\CLR_v4.0_32\NativeImages\. This location is often trusted by security software, allowing the malware to blend in with legitimate system files. To achieve execution and persistence, the malware leverages a technique known as AppDomainManager injection. This method allows the malicious DLL to be loaded into the memory space of legitimate, signed processes, effectively hijacking their context to run its code. This sophisticated evasion tactic makes the malware’s activity extremely difficult to detect by many endpoint detection and response (EDR) solutions, which may not flag operations occurring within a trusted process. The successful execution of this DLL establishes a foothold for the primary implant, known as SloppyMIO, which then proceeds to connect to the command-and-control infrastructure to receive further instructions and payloads.
3. The SloppyMIO Implant and Phishing Operations
The core of RedKitten’s operation is the SloppyMIO implant, a modular and highly versatile malware designed for comprehensive espionage. Once active, its first action is to establish a connection with the C2 infrastructure. It begins by querying a specific GitHub repository, which acts as a dead drop resolver, providing a URL for a Google Drive location. This Drive link points to image files containing steganographically embedded configuration data. By hiding its configuration within the pixels of an image, the malware avoids transmitting plain-text instructions that could be intercepted. This data includes a Telegram bot token, a chat ID for the C2 channel, and links to download additional modules. SloppyMIO’s modular architecture allows attackers to deploy specific capabilities as needed, including executing arbitrary shell commands, collecting and exfiltrating files of interest, writing new files to the victim’s disk, and establishing persistence through the creation of scheduled tasks set to run every two hours.
In parallel with its malware deployment, RedKitten conducts an aggressive and highly targeted phishing campaign to harvest credentials and gain broader access to victims’ digital lives. The group has been observed using a phishing site hosted on whatsapp-meeting.duckdns[.]org, which perfectly mimics the legitimate WhatsApp Web login page. Unsuspecting victims who enter their credentials unknowingly grant attackers access to their accounts. The phishing page goes further by requesting permissions to access the device’s camera, microphone, and geolocation data, turning the victim’s own device into a surveillance tool. A similar phishing site impersonates Gmail to steal email credentials and two-factor authentication codes. These phishing links are distributed through tailored messages that align with the victim’s professional context and language, significantly increasing the likelihood of success and providing the attackers with a wealth of sensitive personal and professional information.
4. Exploitation and Strategic Targeting
The RedKitten campaign has been actively and precisely targeting a specific cross-section of society, including human rights NGOs, activists, academics, government officials, and business leaders. A particular focus has been placed on the Kurdish community and individuals directly involved in documenting human rights abuses within Iran. At least 50 individuals are confirmed to have been directly compromised, though the true number of those affected is likely much higher due to secondary targeting through compromised accounts and contact lists. Attackers deliver the malicious archives and phishing links through trusted channels such as email and WhatsApp, leveraging social engineering to ensure victims interact with the payloads. Once a victim opens the macro-laden Excel file and enables content, the SloppyMIO implant is installed, granting the attackers persistent and covert access to their system, often for extended periods.
The data exfiltrated by the malware is extensive and highly sensitive. It includes internal documents, private communications, contact lists, and financial information. For victims of the parallel phishing attacks, the compromise is even more invasive, with attackers gaining access to live camera feeds, microphone recordings, and real-time geolocation data. The campaign’s infrastructure is designed for longevity and evasion, with attackers frequently updating their GitHub repositories, rotating Google Drive payloads, and changing Telegram bot configurations. This dynamic approach allows them to evade security takedowns and signature-based detection, ensuring the campaign can continue its operations even after partial exposure. The attackers’ nuanced understanding of their targets’ communication habits and trust networks is a key factor in the campaign’s success, demonstrating a level of intelligence gathering that precedes the technical phase of the attack.
Prescribed Security Countermeasures
This campaign underscored the critical need for heightened vigilance among at-risk organizations. The technical complexity and tailored social engineering used by RedKitten required a multi-layered defense strategy. Organizations and individuals were strongly advised to block all network access to the known malicious infrastructure, including the specific GitHub repositories, Google Drive links, and the whatsapp-meeting.duckdns[.]org phishing domain. A fundamental defensive measure involved disabling macros by default across all Microsoft Office applications and providing targeted training to users, particularly those in high-risk roles, on the dangers of enabling macros in documents from unverified sources. Security teams were also urged to establish proactive monitoring for the creation of new scheduled tasks and to investigate the presence of the AppVStreamingUX_Multi_User.dll file or similarly named C# DLLs in unexpected system directories, which served as a key indicator of compromise. This incident proved that even sophisticated, AI-driven attacks could be mitigated with a combination of technical controls and robust user education.
