Some details about the hacking campaigns deployed by OilRig, a group of malicious hackers linked to the Iranian government have been revealed by a hacker group self called Lab Dookhtegan, reported cyber security service specialists.
OilRig is a group of advanced persistent
threats (APT) linked to Iran regime active at least since 2014. The main
victims of this group are financial and government organizations, besides power,
telecommunications and pharmaceutical companies in the U.S. and some countries
in the Middle East.
According to cyber security service specialists,
Lab Dookhtegan hackers published information on OilRig hacking campaigns and
infrastructure on a Telegram
channel; the leaked information contained data such as the names of the members
of the hacker group, tools used, and IP addresses and domains involved in the
attacks.
Most likely, the group in charge of these leaks
seeking to disrupt OilRig hacking operations is backed by a state actor opposed
to the Iranian regime.
In addition, Lab Dookhtegan leaked the source
code of some hacking tools used by OilRig, among which include:
- Glimpse,
a PowerShell-based Trojan - PoisonFrog,
an earlier version of Glimpse - Jason,
an email hacking tool - Hypershell,
a web shell also known as TwoFace - Fox
Panel, a phishing tool
However, among the leaks, specialists in cyber
security service believe that the most outstanding is Jason, an email hacking
tool. Lab Dookhtegan hackers claim that OilRig uses this tool to hijack
Microsoft Exchange email accounts and has a 0% detection rate among the most
popular anti-malware tools.
Jason is employed by OilRig to launch brute
force attacks using a dictionary of sample passwords and four text
files that contain numeric patterns to decrypt the passwords of Exchange users.
According to figures from the International Institute of Cyber Security (IICS),
since it was discovered the Jason tool has only been detected by 7 out of 71 anti
malware solutions.
Experts consider that the leaking of this
hacking tools will enable anti malware companies to perform extensive analysis
and improve existing mechanisms for their detection; although on the other
hand, malicious hacker groups have access to this information as well, which
could represent an increase in attack campaigns with these tools.
