Hours-long feed shows Iranian hackers targeting U.S. military and State Department officials.
Iranian regime-backed hackers were caught on video breaking into U.S. officials’ email accounts. Iranian cyberspies “accidentally” recorded themselves hacking into foreign users’ accounts, media reports said.
The hours-long video feed revealed Iranians targeting U.S. military and State Department officials. The finding shows how Iranians are “snooping on American officials’ online lives by taking control of their Google accounts,” Forbes magazine reported, citing the IBM cybersecurity experts who uncovered the feed.
The videos, captured with a screen-recording app, may also have served as training material for Iranian cyberspies, some media reports suggest. The “researchers believe the videos are tutorials the Iranian group was using to train new recruits,” the tech news website ZDNet wrote.
The lengthy footage gives rare insight into the workings of Iranian cyber espionage. Alongside China and Russia, Iran is one of the leading cybersecurity threats to the United States, and U.S. experts have noted a spike in cyberattacks originating from Tehran.
Tech magazine Wired reported on the latest find exposing Iran’s operations:
Researchers at IBM’s X-Force security team revealed today that they’ve obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It’s one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including US and Greek military personnel. Other clues in the data suggest that the hackers targeted US State Department staff and an unnamed Iranian-American philanthropist.
The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they’d observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims. (…)
In two videos IBM showed to WIRED on the condition that they not be published, the hackers demonstrate the workflow for siphoning data out of a hacked account. (…)
In other videos the IBM researchers declined to show to WIRED, the researchers say the hackers appeared to be combing through and exfiltrating data from real victims’ accounts, rather than ones they created for training purposes. One victim was a member of the US Navy, and another was a two-decade veteran of the Greek Navy. The researchers say the APT35 hackers appear to have stolen photos, emails, tax records, and other personal information from both targeted individuals.
The damning revelations come as Tehran has joined hands with Communist China in the field of cyber espionage. Iranian and Chinese telecom ministers met earlier this month to open a “united front” in the cyber domain.
“The Islamic Republic of Iran and China are standing in a united front,” Iranian telecom minister Mohammad-Javad Jahromi declared following the meeting, “to confront U.S. unilateralism and hegemony in the field of IT.” The term IT is a reference to cyber capabilities, media reports confirm.
Iranian cyberattacks are not limited to American targets; U.S. allies are bearing the brunt as well. In December 2018, Iran carried out a major cyberattack against the UK, launching “a wave of cyber attacks” that hit “key parts of the UK’s national infrastructure,” Sky News reported. According to recent news reports, Tehran-backed hackers have repeatedly attacked Israeli water systems, attempting to poison people with chlorine and to disrupt irrigation.
‘Why the U.S. Is Vulnerable to an Iranian Cyberattack’ (The Wall Street Journal, February 2020)
(Cover image via YouTube)
Author: Vijeta Uniyal