ZDNet reported on Wednesday that a hacker going by the name Lab Dookhtegan has leaked a set of hacking tools belonging to an Iranian cyber-espionage group tracked as APT34, also known as OilRig or HelixKitten. The hacker began leaking the tools on Telegram in mid-March 2019. The leak also contained highly sensitive material, including victim usernames and passwords.
A Twitter User Contacted ZDNet About the Leak
A Twitter user informed ZDNet of the leak, sending the outlet images and files from it via direct message. ZDNet suspects that this person is the same persona as Lab Dookhtegan. The user claimed to have worked on the group's DNSpionage campaign.
The hacker leaked the source code of six tools: HyperShell, PoisonFrog, Glimpse, Webmask, FoxPanel, and HighShell. Security researchers, including Chronicle, Alphabet's cybersecurity division, confirmed that the leaked data is authentic.
Apart from the tools, the hacker also leaked content from several active backend panels in which the group stored data collected from its victims. Chronicle confirmed that the leak contains data from 66 victims, most of them in Middle Eastern countries, taken from both private companies and government agencies. The hacker also leaked details of APT34's past infrastructure, including the IP addresses and domains where the group hosted operational data and web shells.
The hacker also leaked personal data of Iranian Ministry of Intelligence officers involved in APT34's operations. He claimed in the Telegram group that he had destroyed APT34's operations and that the group now has no option but to start over from scratch. The hacker appears to hold a personal grudge against the Iranian Ministry of Intelligence, which he described as ruthless, cruel and criminal.