A tool used by the OilRig group to hijack Microsoft Exchange e-mail accounts has been leaked online.
The utility is called Jason and is not currently detected by any of the antivirus engines on VirusTotal.
The hijacking tool was made available a few hours ago through the leakers' Telegram channel, and the post states that it is being used by the Iranian government "to attack electronic messages and information theft".
The Jason hijacking tool works by trying various passwords until it finds the right one. The brute-force activity is supported by a list of sample passwords and four text files containing numeric patterns.
Omri Segev Moyal, co-founder and vice president of research at Minerva Labs, analyzed the Jason tool and reports that "it appears to be a relatively simple brute-force program against online messaging services".
VirusTotal analysis reveals that the utility was created in 2015. So far it appears to bypass all the detection mechanisms available on VirusTotal.
The OilRig group, also known as APT34 and HelixKitten, is a group linked to the government of Iran. Using the alias Lab Dookhtegan, someone began leaking information about OilRig on March 26, including the tools used in hacking operations and various data and contact information for group members purportedly working for Iran's Ministry of Intelligence and Security (MOIS).