
APT35 Iranian hackers accidentally reveal their hacking secrets

ALBERT

In some videos, the operator managed the created accounts.






Security researchers from the IBM X-Force Incident Response Intelligence Services (IRIS) team, while monitoring the virtual cloud server of the Iranian cybercriminal group ITG18 (also known as APT35, Phosphorus, Charming Kitten and Ajax Security Team), found 40 GB of data, including information stolen from hacked accounts and videos. The researchers were able to access the data because the hackers had misconfigured the server's settings and failed to protect it properly.

According to experts, some of the videos found are training material that the Iranian group used to train new recruits. The videos were recorded using a screen recording application called BandiCam. Some videos showed how the operator managed the created accounts, while in others he checked access to previously hacked accounts and stole data from them. Unsuccessful phishing attempts against an Iranian-American philanthropist and US Department of State officials were also recorded.

Specialists were able to identify and later notify some of the victims depicted in the videos, including a US Navy soldier and a Greek Navy officer.

In five video files named “AOL.avi”, “Aol Contact.avi”, “Gmail.avi”, “Yahoo.avi” and “Hotmail.avi”, the operator uses a Notepad file containing one set of credentials for each platform and, in each video, selects them for the respective website. The videos also demonstrate filtering various datasets associated with these platforms, including contacts, photos, and cloud storage.

The operator also showed changes to the settings in the security section of each account and added the accounts to Zimbra, a legitimate email collaboration platform that can combine multiple email accounts into one interface. With Zimbra, an operator could monitor and manage various compromised email accounts simultaneously.
 