Iran’s Ministry of Intelligence and Security (MIS) has been Breached

Between 26 March 2019 and 18 April 2019, the leaker Lab_Dookhtegan dumped information, photos, and source code allegedly belonging to APT34 / OilRig via their Telegram channel. The leak highlights Iran's heavy use of ASP web shells on compromised Exchange servers to launch attacks and to exfiltrate data via DNS. Several tools attributed to APT34 / OilRig were released (high confidence): PoisonFrog, base.aspx, webmask_dns, the FoxPanel222 Node.js phishing kit, HighShell, HyperShell, MinionProject, and Glimpse. Of ten alleged members (low confidence), three work in Iran's Ministry of Intelligence and another three work for the cybersecurity company Rahacrop or Raha Iran.

IR-19-122-001 IRAN MIS Breach_FINAL.pdf
