New leaks of Iranian cyber-espionage operations hit Telegram and the Dark Web
Two new leaks exposing Iranian cyber-espionage operations have been published online, via Telegram channels and websites on the Dark Web and the public Internet.
One leak claims to contain operational data from the MuddyWater hacking group, while the second leak reveals information about a new group identified in official Iranian government documents as the Rana Institute, which is currently not linked to any known Iranian cyber-espionage group.
A FIRST LEAK HAPPENED LAST MONTH
These two leaks follow an incident last month, when a mysterious figure using the Lab Dookhtegan pseudonym dumped on a Telegram channel the source code of several malware strains associated with APT34 (Oilrig), an Iranian government-backed cyber-espionage group.
These two new leaks are different from the first. Neither of them includes source code for malware. Instead, they contain images of source code of unknown origin, images of command and control server backends, and images listing past hacked victims.
Multiple cyber-security firms, such as Chronicle, FireEye, and Palo Alto Networks, confirmed the authenticity of the first leak. Security researchers from ClearSky Security and Minerva Labs have confirmed the latest batch.