Iranian Cyber-Espionage Exposed

Two new leaks exposing Iranian cyber-espionage operations have been published, via Telegram channels, on the Dark Web and the Internet.

One leak claims to contain operational data from the MuddyWater hacking group, while the second leak reveals information about a new group identified in official Iranian government documents as the Rana Institute, and currently not linked to any known Iranian cyber-espionage group.

Because this data was put up for sale, the leakers did not release any tools for free, as Lab Dookhtegam did in the first leak. Instead, they posted images showing the source code of a command and control (C&C) server used by the Iranian MuddyWater hacking group, along with images of MuddyWater C&C server backends, which also included unredacted IP addresses of some of MuddyWater's victims.

Because the leakers have revealed only a small sample of data in the form of screenshots, the jury is still out on the authenticity of this leak; however, it cannot be discounted for the time being.

Both ZDNet and Minerva Labs have been keeping an eye on this leak for new developments, but besides having the Telegram channels suspended and having to create new ones, nothing new has been shared for a few days now.

The three main Telegram groups on which the leaks were posted are:

  • Lab Dookhtegam pseudonym ("The people whose lips are stitched and sealed", a translation from Persian) – In this channel, attack tools attributed to the group 'OilRig' were leaked, including a webshell that was inserted into the Technion, various tools that were used for DNS attacks, and more.
  • Green Leakers – In this channel, attack tools attributed to the group 'MuddyWater' were leaked. The group's name and its symbol are identified with the "green movement", which led the protests in Iran after the Presidential elections in 2009. These protests were heavily repressed by the Islamic Revolutionary Guard Corps (IRGC).
  • Black Box – Unlike the previous two channels, this one has existed for some time. On Friday May 5th 2019, dozens of confidential documents labeled as "secret" (a high confidentiality level in Iran, one below the highest, top secret) were posted on this channel. The documents related to the activity of Iranian attack groups.

The leaked documents include material from the Iranian Ministry of Intelligence (comparable to the FBI and CIA) with information about a group known as "Rana".

At this stage, we cannot attribute the group to other known Iranian actors. These documents contain lists of victims, cyber-attack strategies, alleged areas of access, a list of employees, and screenshots from internal websites relevant to espionage systems.

Further, one of the documents appears to be from the center for IT security incidents "Kavesh". Note, however, that it was adapted from the original document by the Islamic Revolutionary Guard Corps, and now also contains their symbol.

This document was only partly leaked and contained details of a program to develop malware for attacking SCADA systems, similar to Stuxnet.

ClearSky, ZDNet
