IBM’s cybersecurity wing, X-Force has discovered a server, that’s having training videos of Iranian hackers. The video showed how recruits are accessing user accounts and profiling their data for future purposes. Though it’s not revealed how the gang has got those credentials, it’s shown that they’re validating credentials over 75 websites and profiling.
Iranian Hackers Training Videos Leaked!
In the latest discovery by IBM’s X-Force researchers, a trove of training videos was found in a server which was left exposed online. The researchers say the operators of those videos could be recruits to Iranian state-sponsored hackers and are learning how to hijack and profile account data.
The videos were made using a screen recorder called BandiCam, and were intentionally recorded rather than doubting that one of their malware fired back. The videos show a group of hackers doing various tasks like accessing target accounts using a list of credentials and profiling their data from various other accounts.
Researchers said the process is so detailed since they’re hijacking accounts with least importance also. According to Xcode team, hackers here are pulling data from various online accounts linked to targeting like credit reporting, municipal utilities, banks, student financial aid, video and music streaming, pizza delivery, baby product sites, mobile carriers and video games.
While the researchers haven’t revealed how the hackers achieved those credentials, they say they’re validating credentials with at least 75 websites to access more accounts. Besides profiling, hackers here were also seen exfiltrating data from online accounts – especially Google. Videos show the Google account activity, history, Chrome data etc were exfiltrated.
Finally, researchers linked the authors to be ITG18 which they’re tracking since past and called also called as Charming Kitten, Phosphorous, and APT35. The group is a state-sponsored gang from the Iranian government and has records of attacking government departments in past.