In an incident reminiscent of the NSA hacking tools leaked by the Shadow Brokers, someone has posted similar hacking tools belonging to one of Iran's top cyber-espionage groups, known as APT34, OilRig or HelixKitten.
The leaked tools are not as sophisticated as the NSA tools leaked in 2017, but they are still extremely dangerous: with the source code public, anyone can now reuse them, and the tools alone can no longer be treated as a reliable indicator of APT34 activity.
Data on the tools' victims was also leaked and has circulated online.
The tools have been leaking since mid-March on a Telegram channel run by someone using the pseudonym Lab Dookhtegan.
In addition to the hacking tools, Lab Dookhtegan published data from victims of the APT34 group. The data consists of username and password combinations and appears to have been collected via phishing pages.
The leaker's Twitter account, https://twitter.com/dookhtegan, has been suspended, for obvious reasons.
Several cyber-security experts have already confirmed the authenticity of the tools.
On the Telegram channel, which was discovered today, the hacker has leaked the source code of six hacking tools and the contents of many active backend panels where the victims' data was collected.
Hacking tools:
- Glimpse (a newer version of a PowerShell-based trojan that Palo Alto Networks calls BondUpdater)
- PoisonFrog (an older version of BondUpdater)
- HyperShell (a web shell that Palo Alto Networks calls TwoFace)
- HighShell (another web shell)
- Fox Panel (a phishing kit)
- Webmask (a DNS tunneling tool, the main tool behind the DNSpionage campaign)
In addition to the source code of the above tools, Dookhtegan also leaked victim data collected on some of APT34's command-and-control (C&C) servers.
In total, Dookhtegan leaked data from 66 victims, mostly from countries in the Middle East, Africa, East Asia and Europe.
The data comes from government agencies as well as private companies. The two largest companies listed on the Telegram channel are Etihad Airways and Emirates National Oil. A list of victims (without the names of the companies / government bodies) is available below.
___________________