Iran-linked hackers mistakenly leak videos of their operations in action: Report
IBM has obtained hours of footage of Iran-linked hackers in action, videos that are believed to have been unintentionally leaked by the hackers themselves.
IBM’s X-Force security team acquired about five hours of video footage of hacking operations by APT35, a hacking group linked to the Iranian government, Wired reported.
Individuals targeted by the hackers included US State Department staff, an unnamed Iranian-American philanthropist, and US and Greek military personnel, IBM found.
The footage, which was recorded directly from the screens of APT35 hackers, shows how the group steals data from email accounts as well as who it is targeting, according to the report.
The hackers recorded their operations and uploaded the video to an unprotected server online, the report said.
The IBM researchers got a hold of the footage due to “a misconfiguration of security settings on a virtual private cloud server they’d observed in previous APT35 activity,” the report said, adding that the files were uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine.
The APT35 hackers recorded their operations to demonstrate to junior team members how to handle hacked accounts, according to the report. The videos show the hackers demonstrating how to download the contents of compromised Gmail and Yahoo Mail accounts.
In one of the videos seen by Wired, the hackers logged into a compromised Gmail account, linked it to the email software Zimbra, and used Zimbra to download the compromised account’s entire inbox to the hacker’s machine, the report said.
Next, the hacker deleted a Gmail alert sent to the victim stating that their account permissions had been changed. The hacker then downloaded the victim’s contacts and photos from their Google account, according to the report.
The speed at which the hackers were able to exfiltrate the compromised accounts’ information suggests that “they are likely carrying out this sort of personal data theft on a mass scale,” Wired cited Allison Wikoff, a senior analyst at IBM X-Force whose team discovered the videos, as saying.
In another video, the APT35 hackers exfiltrated data from a member of the US Navy and a two-decade veteran of the Greek Navy. The Iran-linked hackers apparently stole photos, emails, tax records, and other personal information from the two, the report said.
The leaked videos may force the Iranian hackers to change some of their tactics, Emily Crose, a researcher for the security firm Dragos, was cited as saying in the report.