Thursday, March 28, 2024

Iranian Threat Group Exposes 40 GBs of their Training Video and Data Files

Iranian threat group ITG18 known for targeting pharmaceutical companies and the U.S. presidential campaigns. IBM referred to the group as ITG18, whereas the other security firms refer to as APT35 or Charming Kitten.

The group found to be active since 2013, the group is known for conducting sophisticated phishing attacks.

Training Video Exposed

IBM X-Force Incident Response Intelligence Services (IRIS) found a server associated with ITG18 associates that have more than 40 gigabytes of training video and other data.

An OPSEC failure with ITG18 operator exposes the inner working of threat actors and a way to have “a unique behind-the-scenes look into their methods, and potentially, their legwork for a broader operation.”

The training videos mainly focused on creating accounts, operator testing access, and exfiltrating data from the compromised accounts.

Based on video files timestamps, the video’s found to be recorded approximately one day before being uploaded to the ITG18-operated server.

In the video, operators explain “how to exfiltrate various datasets associated with these platforms including contacts, photos, and associated cloud storage.”

“Some of the operator-owned accounts observed in the training videos provided additional insight into personas associated with ITG18, such as phone numbers with Iranian country codes.”

The videos also contain failed phishing attempts of targeting the personal accounts of an Iranian-American philanthropist and officials of the U.S. State Department.

The videos also exposed the persona accounts and Iranian phone numbers associated with ITG18 operators.

Based on the training materials it appears the operators are looking to gather trivial social information about the individuals.

To note: If the threat actors successfully authenticated against a site and if they have multifactor authentication (MFA) they stop the process and move on to other accounts.

The discovery shows the importance of Using Multifactor Authentication, Reset Your Passwords Periodically & using a Password Manager.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles