Iranian Cyber-Espionage Exposed

Two new leaks exposing Iranian cyber-espionage operations have been published, via Telegram channels, on the Dark Web and the Internet.

One leak claims to contain operational data from the MuddyWater hacking group, while the second leak reveals information about a new group identified in official Iranian government documents as the Rana Institute, and currently not linked to any known Iranian cyber-espionage group.

Because this data was put up for sale, the leakers did not release any tools for free, as Lab Dookhtegam did in the first leak. Instead, they posted images showing the source code of a command and control (C&C) server used by the Iranian MuddyWater hacking group, along with images of MuddyWater C&C server backends, which also included unredacted IP addresses of some of MuddyWater's victims.

Because the leakers have revealed only a small sample of data in the form of screenshots, the jury is still out on the authenticity of this leak; however, it cannot be discounted for the time being. 

Both ZDNet and Minerva Labs have been keeping an eye on this leak for new developments, but besides having the Telegram channels suspended and having to create new ones, nothing new has been shared for a few days now.

The three main Telegram groups on which the leaks were posted are: 

  • Lab Dookhtegam pseudonym ("The people whose lips are stitched and sealed", a translation from Persian) – In this channel, attack tools attributed to the group 'OilRig' were leaked, including a webshell that was inserted into the Technion, various tools that were used for DNS attacks, and more.
  • Green Leakers – In this channel, attack tools attributed to the group 'MuddyWater' were leaked. The group's name and its symbol are identified with the "green movement", which led the protests in Iran after the Presidential elections in 2009. These protests were heavily repressed by the Revolutionary Guards (IRGC).
  • Black Box – Unlike the previous two channels, this one has been in existence for some time. On Friday May 5th 2019, dozens of confidential documents labeled as "secret" (a high confidentiality level in Iran, one below the highest, top secret) were posted on this channel. The documents were related to the activity of Iranian attack groups.

The documents leaked include documents by the Iranian Ministry of Intelligence (comparable to the FBI and CIA) with information about a group known as "Rana".

At this stage, we cannot attribute the group to other known Iranian actors. These documents contain lists of victims, cyber-attack strategies, alleged areas of access, a list of employees, and screenshots from internal websites relevant to espionage systems. 

Further, one of the documents appears to be from the Kavesh center for IT security incidents. Note, however, that it was adapted from the original document by the Islamic Revolutionary Guard Corps, and now also contains their symbol.

This document was partly leaked and contained details of a program to develop malware for attacking SCADA systems, similar to Stuxnet.

ClearSky: ZDNet

