Technology News, World Technology News, Breaking Tech News e.t.c

SECURITY: 40GB Training Videos of Iran-Linked Hackers Leaked by Mistake

by tech_admin July 19, 2020

IBM X-Force Incident Response Intelligence Services (IRIS) security researchers have compiled approximately 40 GB of videos and other files from a leading Iranian hacking group.

The data archive found by IBM X-Force research teams contained about 5 hours of training video, which seems to have been recorded directly from the screens of hackers operating on behalf of the government-linked group it calls ITG18 (or APT35), which is associated with the targeting of pharmaceutical companies and the US presidential campaign. This is the only way to obtain information from IBM X-Force IRIS researchers.

Over a three-day period in May 2020, IBM X-Force IRIS discovered the 40 GB of video and data files on a server hosting various ITG18 domains that had been used earlier in 2020.

“It is rarely possible to understand how the operator operates behind the keyboard, and there are still more rare recordings showing its operations generated by the operator. However, that’s precisely what IRIS uncovered by X-Force on an ITG18 operator who has a unique backstage review of its methods and possibly its legacy for a broader operation that is likely to be underway,” said Wikoff, a strategic cyber threat analyst at IBM Security.

Several of the victims in the files were compromised accounts belonging to a US lawmaker, the Navy, and a staff officer with almost two decades of service in Greece’s Hellenic Navy. The files also included failed phishing attempts against the personal accounts of an anonymous Iranian-American philanthropist and against US State Department officials.

“Several of the videos showed the adversary accounts user, while others showed the access tester and exchanging data from previously compromised accounts,” the researchers said.

The video files that IBM X-Force IRIS found were remote recordings, ranging from 2 minutes to 2 hours, made with a tool named Bandicam. The file timestamps suggested the videos were captured roughly one day before being uploaded to the server run by ITG18.

In five of the video files, named “AOL.avi,” “Aol Contact.avi,” “Gmail.avi,” “Yahoo.avi,” and “Hotmail.avi,” the operator uses a Notepad file containing one credential for each platform and, video by video, copies and pastes it into the corresponding website. The operator went on to show how different data associated with these sites, including addresses, images, and related cloud storage, could be exfiltrated.

The operator also changed the settings in each account’s account protection section and added the accounts to Zimbra, a legitimate email collaboration platform that can merge multiple email accounts into one GUI. With Zimbra, the operator was able to track and handle separate compromised email accounts simultaneously.
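The post-login sequence described above (data export, then a change to account protection settings and linking the mailbox to an external mail client) can be expressed as a correlation rule over account audit events. This is an added example, not part of the original article or IBM's report; the event schema, action names, accounts and IP addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema, not a real provider's log format).
EVENTS = [
    ("2020-05-01T09:00:00", "alice@example.com", "198.51.100.7", "login"),
    ("2020-05-01T09:02:10", "alice@example.com", "198.51.100.7", "contacts_export"),
    ("2020-05-01T09:05:30", "alice@example.com", "198.51.100.7", "photos_download"),
    ("2020-05-01T09:09:00", "alice@example.com", "198.51.100.7", "security_settings_change"),
    ("2020-05-01T09:12:45", "alice@example.com", "198.51.100.7", "external_mail_client_linked"),
    ("2020-05-01T10:00:00", "bob@example.com", "203.0.113.20", "login"),
    ("2020-05-01T10:03:00", "bob@example.com", "203.0.113.20", "security_settings_change"),
    ("2020-05-02T08:00:00", "carol@example.com", "192.0.2.44", "login"),
    ("2020-05-02T08:01:00", "carol@example.com", "192.0.2.44", "contacts_export"),
]
KNOWN_IPS = {"bob@example.com": {"203.0.113.20"}}  # constructed baseline of usual source IPs

EXFIL = {"contacts_export", "photos_download", "cloud_storage_download"}
PERSIST = {"security_settings_change", "external_mail_client_linked"}
WINDOW = timedelta(minutes=30)

def detect_takeover_sequences(events, known_ips, window=WINDOW):
    """Flag accounts where a login from an unfamiliar IP is followed, within
    `window`, by both a data export and a security or client-linking change."""
    by_session = defaultdict(list)
    for ts, account, ip, action in sorted(events):
        by_session[(account, ip)].append((datetime.fromisoformat(ts), action))
    alerts = []
    for (account, ip), rows in by_session.items():
        if ip in known_ips.get(account, set()):
            continue  # familiar source: out of scope for this rule
        for start in (t for t, a in rows if a == "login"):
            seen = {a for t, a in rows if start <= t <= start + window}
            if seen & EXFIL and seen & PERSIST:
                alerts.append({"account": account, "ip": ip,
                               "start": start.isoformat(),
                               "actions": sorted(seen - {"login"})})
                break  # one alert per account/IP pair
    return alerts

if __name__ == "__main__":
    for alert in detect_takeover_sequences(EVENTS, KNOWN_IPS):
        print(alert)
```

Requiring both an export and a settings change keeps a lone password reset or a routine contacts export from alerting on its own.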

Other operator accounts shown in the training videos provided further details about people affiliated with ITG18, such as telephone numbers with the Iranian country code.

“Whatever the motivation, the ITG18 operator’s mistakes have enabled IBM X-Force IRIS to gain valuable insights into how this group could achieve its goals and train its operators elsewhere. IBM X-Force IRIS sees ITG18 as a potential threat group with substantial investment in its operations,” the researchers noted.

“Despite numerous public disclosures and extensive coverage of its activities, the organization has shown continuity in its operations and clear construction of new infrastructures.”

ITG18, which has been operating since at least 2013, primarily targets individuals and organizations of strategic interest to the Government of Iran through phishing attacks using credential harvesting and email compromise operations.

 
