A tool for hijacking Microsoft Exchange e-mail accounts used by the OilRig team leaked online.
The utility is called Jason and is not currently detected by virus protection machines in VirusTotal.
The hijacking tool was released a few hours ago through their Telegram channel, and the publication states that it is used by the Iranian government "for attacking emails and stealing information".
Jason hijacking tool works by trying different passwords until it finds the right one. The brute-force activity is supported by a list of sample passwords and four text files containing numeric patterns.
Omri Segev Moyal, co-founder and vice president of research at Minerva Labs, analyzed the tool Jason, and states that "it seems to be a relatively simple brute-force program against online messaging services".
VirusTotal analysis reveals that the utility was created in 2015. So far it seems to bypass all the detection mechanisms available by VirusTotal.
The OilRig group, also known as APT34 and HelixKitten, is a group affiliated with the Iranian government. Using the nickname Lab Dookhtegan, someone started leaking information about OilRig on March 26, the tools used in hacking operations and various contact details for members of the group allegedly working in Iran's Ministry of Information and Security (MOIS).
_______________________
- Meet PowerShell 7
- Windows 10 the Best Antivirus Tests March - April 2019
- Laptop vs. desktop. Advantages, disadvantages, and what to buy