Iran's hacking tools: source code leakage

In an incident reminiscent of the NSA hacking tools leaked by them Shadow Brokers, someone posted similar hacking tools belonging to one of the top groups of Iran, known as APT34, Oilrig or HelixKitten.

The leaked hacking tools are not as specialized as the NSA tools leaked by 2017, but they are extremely dangerous.
They also spilled the data of the victims of the tools and circulated online.Hacking tools

The tools leaked from mid-March on a Telegram channel from a person using Lab Dookhtegan as a pseudonym.

In addition to hacking tools, Lab Dookhtegan published data from victims of the APT34 group. The data contains combinations of names and codes and appear to have been collected via phishing pages.
Let's say his Twitter account is closed for obvious reasons

https://twitter.com/dookhtegan

Several cyber security experts have already confirmed the authenticity of the tools.

On the Telegram Channel that was discovered today, the hacker has leaked the source code of six hacking tools and the content from many active backend panels where the victims' data was collected.

Hacking tools:

– Glimpse (newer one based on PowerShell and the Networks names BondUpdater)
- PoisonFrog (older version of BondUpdater)
- HyperShell (web shell called Palo Alto Networks TwoFace)
- HighShell (another web shell)
- Fox Panel (phishing kit)
- Webmask (DNS tunneling, main tool behind DNSPionage)

In addition to the source code of the above tools, Dookhtegan also leaked victim data collected on some of the APT34 team command and control servers (C&C).

In total, Dookhtegan leaked data from 66 victims, mostly from the Middle East, Africa, East Asia and Europe.

The they come from government agencies, but also from private companies. The two largest companies listed on the Telegraph channel are Etihad Airways and Emirates National Oil. A list of victims (but no names of companies / government bodies) is available below.

___________________

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).