23/05/2019

Iranian Cyber-Espionage Exposed

Two new leaks exposing Iranian cyber-espionage operations have been published, via Telegram channels, on the Dark Web and the Internet.One leak claims to contain operational data from the MuddyWater hacking group, while the second leak reveals information about a new group identified in official Iranian government documents as the Rana Institute, and currently not linked to any known Iranian cyber-espionage group.Because this data was put up for sale, the leakers did not release any tools for free, like Lab Dookhtegam in the first leak. Instead, they posted images showing the source code of a command and control (C&C) server used by the Iranian MuddyWater hacking group. Also,images of MuddyWater C&C server backends, which also included unredacted IP addresses of some of MuddyWater's victims.Because the leakers have revealed only a small sample of data in the form of screenshots, the jury is still out on the authenticity of this leak; however, it cannot be discounted for the time being.

Both ZDNet and Minerva Labs have been keeping an eye on this leak for new developments, but besides having the Telegram channels suspended and having to create new ones, nothing new has been shared for a few days now. The three main Telegram groups on which the leaks were posted are: https://www.cybersecurityintelligence.com/blog/iranian-cyber-espionage-exposed--4321.html

No comments :

Post a Comment