News

Another tool of the Iranian government cyber espionage group APT34 leaked to the Internet

Tool in open access on the Internet turned out to be an instrument for hacking Microsoft Exchange user accounts and allegedly was used by the cybercriminal grouping OilRig (also known as APT34 and HelixKitten).

In mid-March 2019, a someone known as Lab Dookhtegan published in Telegram tools of the Iranian cyber espionage group APT34, as well as information about the victims of hackers and employees of the Iranian Ministry of Information and National Security, who are allegedly associated with the operations of the group.

Lab Dookhtegan revealed source codes of six tools, whose authenticity was confirmed by leading information security specialists, including those from Chronicle, cybersecurity division of Alphabet Holding.

Zdnet reference:

While initially it was believed that Lab Dookhtegan was a former insider, the new consensus is that this is the online persona of a foreign intelligence agency who is trying to expose Iranian hacking efforts in attempts to damage the country’s cyber-espionage operations, as long as its political connections with neighbors and allies.

Now Lab Dookhtegan in the same Telegram channel published another tool belonging to APT34, the utility called Jason.

A tool named Jason is not detected by antivirus solutions on VirusTotal.

Jason appeared on the Telegram channel on Monday, June 3. According to the owner of the channel, the Iranian government uses this tool tool for “hacking email and stealing information.

At its core, Jason is a for brute-force tool as program selects passwords for the account until it finds the one that matches. Jason selects passwords from a sample list attached to it and four text files with numeric patterns.

Omri Segev Moyal

“The tool seems to be a bruteforce attacker against online exchange services”, – said Omri Segev Moyal, vice president of Minerva Labs, who analyzed the Jason program.

According to VirusTotal, the tool was compiled in 2015, so it has been used in APT34 operations for at least four years. At the time of the publication of Jason in open access, it was not detected by any protective solution. It is also interesting that if the previous six APT34 tools, published in the spring of this year, were previously detected security experts, none of experts have “identified” Jason.

Source: https://www.zdnet.com

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove Adblockelite.xyz Pop-up Ads

About Adblockelite.xyz Adblockelite.xyz pop-ups can not open out of nowhere. If you have clicked some…

5 hours ago

Remove Appcloud-center.com Pop-up Ads

About Appcloud-center.com Appcloud-center.com pop-ups can not open out of nowhere. If you have actually clicked…

5 hours ago

Remove Groopheetex.com Pop-up Ads

About Groopheetex.com Groopheetex.com pop-ups can not expose out of nowhere. If you have clicked on…

5 hours ago

Remove Vidstreambox.com Pop-up Ads

About Vidstreambox.com Vidstreambox.com pop-ups can not expose out of the blue. If you have actually…

5 hours ago

Remove Mac-uptodate.com Pop-up Ads

About Mac-uptodate.com Mac-uptodate.com pop-ups can not introduce out of the blue. If you have actually…

5 hours ago

Remove Taffetlervers.com Pop-up Ads

About Taffetlervers.com Taffetlervers.com pop-ups can not expose out of the blue. If you have clicked…

5 hours ago