Ένα εργαλείο για hijacking λογαριασμών ηλεκτρονικού ταχυδρομείου του Microsoft Exchange used by the OilRig team was leaked online.
The utility is called Jason and is not currently detected by virus protection machines in VirusTotal.
The hijacking tool was made available a few hours ago through their channel Telegram, και η δημοσίευση αναφέρει ότι χρησιμοποιείται από την κυβέρνηση του Ιράν “για την προσβολή ηλεκτρονικών μηνυμάτων και την κλοπή πληροφοριών”.
The Jason hijacking tool works by trying various codes accesss until he finds the right one. The brute-force activity is supported by a list of sample passwords and four text files containing numeric patterns.
Omri Segev Moyal, co-founder and vice president of research at Minerva Labs, analyzed the tool Jason, and states that "it seems to be a relatively simple brute-force program against online messaging services".
VirusTotal analysis reveals that the utility was created in 2015. So far it seems to bypass all the detection mechanisms available by VirusTotal.
The OilRig group, also known as APT34 and HelixKitten, is a group affiliated with the Iranian government. Using the nickname Lab Dookhtegan, someone started leaking information about OilRig on March 26, the tools they used in business hacking and various data contact information for group members purportedly working for Iran's Ministry of Intelligence and Security (MOIS).
_______________________
- Meet PowerShell 7
- Windows 10 the Best Antivirus Tests March - April 2019
- Laptop vs. desktop. Advantages, disadvantages, and what to buy