Between May 2023 and February 2025, a highly skilled Iranian state-sponsored hacking group known in cybersecurity circles as Lemon Sandstorm (also referred to as Pioneer Kitten) carried out a stealthy and prolonged cyber espionage campaign against a critical infrastructure network in the Middle East. Exploiting unpatched VPN devices, they slipped past defenses and deployed a blend of off-the-shelf and custom-built malware. What followed was a methodical compromise: credentials were harvested, covert backdoors were installed, and sensitive systems were monitored, all while the attackers continually adapted to sidestep the victim’s attempts at detection. This operation was not just a breach; it was a masterclass in persistence, patience, and precision.