Citrix "ADC" servers and Citrix network gateways (CVE-2019-19781)
F5 Networks BIG-IP load balancers (CVE-2020-5902)
The group has been breaching network devices using the above vulnerabilities, planting backdoors, and then providing access to other Iranian hacking groups, such as APT33 (Shamoon), Oilrig (APT34), or Chafer, according to reports from cyber-security firms ClearSky and Dragos.
These other groups would then come in, expand the "initial access" Pioneer Kitten managed to obtain by moving laterally across a network using more advanced malware and exploits, and then searching and stealing sensitive information likely of interest to the Iranian government.
However, in a report today, Crowdstrike says that Pioneer Kitten has also been spotted selling access to some of these compromised networks on hacking forums, since at least July 2020.
Crowdstrike believes the group is merely trying to diversify its revenue stream and monetize networks that have no intelligence value for Iranian intelligence services.
Classic targets of Iranian state-sponsored hacking groups usually include companies and governments in the US, Israel, and Arab countries in the Middle East. Targeted sectors have usually included defense, healthcare, technology, and government. Anything else is most likely out of scope for Iranian government hackers, and very likely to be made available on hacking forums to other gangs.