The ‘Kitten’ Project – Hacktivist Groups Carrying Out Attacks Targeting Israel

The Kitten Project has emerged as a coordinated hacktivist platform operating at the intersection of activism and technical operations.

This initiative represents a shift in how cyber-focused groups organize their campaigns, moving beyond isolated attacks toward centralized infrastructure that facilitates communication, resource sharing, and coordinated action.

The platform, accessible through thekitten.group, serves as a hub where multiple hacktivist groups collaborate to execute attacks and doxing campaigns against Israeli targets.

The organization appears primarily affiliated with pro-Iranian hacktivist groups, though it publicly claims independence from any government structure.

The attack landscape under this initiative spans a concerning range of targets. Operations have progressed from basic data exposure operations, such as releasing information about Israeli soldiers, to more sophisticated attempts against critical infrastructure, including Industrial Control Systems (ICS) and Programmable Logic Controllers (PLC).

This escalation demonstrates the growing technical sophistication within these hacktivist networks. Participants in the Kitten Project coordinate through private messaging channels, sharing tools, techniques, and campaign documentation.

Known groups operating under this umbrella include the Handala Hacking Group, KilledByIsrael, and CyberIsraelFront, among others. The infrastructure itself appears designed to support multiple groups simultaneously, providing what functions as a shared operations center.

VECERT security analysts identified that the platform’s development originated from infrastructure hosted on Iranian servers, specifically through subdomains of zagrosguard.ir.

This discovery revealed that while the project claims operational independence, its technical backbone connects to established Iranian cybersecurity providers.

The analysis uncovered an IP address (185.164.72.226) registered in Iran, operated by Pars Parva Systems under ASN 60631. This infrastructure connection proved critical for understanding the actual support structure behind the supposedly independent hacktivist collective.

Infrastructure and Technical Architecture

The Kitten Project’s technical infrastructure relies on a carefully structured API system that supports multimedia content sharing and user authentication.

VECERT security analysts discovered a PHP-based backend utilizing DirectoryIterator functions to manage and serve images and videos across categorized project folders.

The platform employs security mechanisms, including input validation via regular expression matching, restricting project names to alphanumeric characters, dots, dashes, and underscores, limited to 100 characters.

File names face similar restrictions, preventing directory traversal attacks through explicit path validation using the realpath() functions.

The authentication system requires users to verify their identity through a 64-digit tracking ID and associated email address before accessing messaging sections.

This structure allows the platform to maintain separate communication channels for different operational groups. API endpoints like image.php and media.php handle content delivery with HTTP range request support, enabling efficient video streaming capabilities for shared operational content.

The .htaccess configuration indicates Node.js execution via CloudLinux Passenger, with the server running version 22 of Node.js.

This technical setup provides the platform with dynamic content-generation capabilities beyond static file serving, enabling developers to implement complex backend operations that support the hacktivist coordination infrastructure.

Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.