Siamesekitten was first detected using fake job postings and applications to phish software engineers in Israel. The attacker's goal appeared to be to escalate access once it had compromised the initial networks and to launch phishing attacks against other individuals and organizations. The malware toolkit used in Siamesekitten's attacks is geared towards reconnaissance.