Cyber wars

Hacker Group Exposes Iranian APT Operations and Members

Hackers have revealed details about the inner workings of a cyber-espionage group mostly known in the security community as OilRig, APT34, and HelixKitten, linked to the Iranian government.

Using the online name Lab Dookhtegan, the hackers used a Telegram channel to dump information about APT34's infrastructure, hacking tools, members, and victims.

The data dump is no hoax. We received confirmation from Chronicle, Alphabet's cybersecurity company, that the leaked information is associated with the APT34/OilRig group.

One theory is that behind the leak are opponents of the Iranian regime involved in the government's cyber operations. If more than one individual did this, it is not a large group, someone familiar with the situation in Iran told us.

Brandon Levene, Head of Applied Intelligence at Chronicle, believes that one reason behind the leak would be to put Iranian cyber capabilities in the limelight; another would be to disrupt future operation by forcing APT34 to retool.

Dookhtegan did not hide their feelings toward the government's cyber activity, expressing hope that other Iranians will do something to fight the regime.