A new Iranian threat actor is impersonating the firm and their HR personnel to target victims with fake jobs offers to penetrate their computers and gain access to companies client. The attacks have been on gas, oil and telecom providers throughout the Middle East and Africa. The hacker group is called Siamese Kitten aka Lyceum aka Hexane. the group offers jobs from well known companies like Chip PC and Software AG and leads victims to phishing websites containing weaponized files that unlocks a backdoor known as Milan to establish connections and download trojan named Dan Bot. Siamese Kitten main goal is to conduct espionage and utilize the infected network to gain access to their client networks.