CrowdStrike's Intelligence team has been investigating a series of cyberattacks attributed to the Iran-linked adversary group known as IMPERIAL KITTEN. The attacks focus on sectors such as transportation, logistics, and technology. The group's methods include strategic web compromise (SWC) operations, phishing with malicious Excel documents, and the use of public scanning tools and stolen credentials for initial access. IMPERIAL KITTEN uses a variety of custom and open-source malware, such as IMAPLoader and StandardKeyboard, both of which use email for command-and-control (C2) communication. Its operations also involve exploiting vulnerabilities to achieve lateral movement and data exfiltration, with a notable focus on Israeli organizations. Although some assessments are made with low confidence because they rely on single-source reporting, the group's activities demonstrate a strategic alignment with Iranian intelligence objectives, likely fulfilling requirements associated with the Islamic Revolutionary Guard Corps (IRGC).