IBM has obtained hours of footage of Iran-linked hackers in action, videos that are believed to have been unintentionally leaked by the hackers themselves.
IBM’s X-Force security team acquired about five hours of video footage of hacking operations by APT35, a hacking group linked to the Iranian government, Wired reported.
Individuals targeted by the hackers included US State Department staff, an unnamed Iranian-American philanthropist, and US and Greek military personnel, IBM found.
The logo for IBM appears above a trading post on the floor of the New York Stock Exchange. (AP)
The footage, which was recorded directly from the screens of APT35 hackers, shows how the group steals data from email accounts as well as who it is targeting, according to the report.
The hackers recorded their operations and uploaded the video to an unprotected server online, the report said.
The IBM researchers got hold of the footage due to “a misconfiguration of security settings on a virtual private cloud server they’d observed in previous APT35 activity,” the report said, adding that the files were uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine.
The APT35 hackers recorded their operations to demonstrate to junior team members how to handle hacked accounts, according to the report. The videos show how the hackers download the contents of compromised Gmail and Yahoo Mail accounts.
In one of the videos seen by Wired, the hackers logged into a compromised Gmail account, linked it to the email software Zimbra, and used Zimbra to download the compromised account’s entire inbox to the hacker’s machine, the report said.
Next, the hacker deleted a Gmail alert received by the victim that said their account permissions had been changed. The hacker then downloaded the victim’s contacts and photos from their Google account, according to the report.
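The sequence described above (a third-party mail client linked to the account, the provider’s “permissions changed” alert deleted minutes later, then a bulk mailbox download) is what a mailbox-security monitor would want to flag. The following is an added illustration, not code from IBM, Wired or Google: it runs a simple heuristic over a constructed list of account-activity events. The event schema, the window sizes and the sample events are all assumptions made for this example; real providers’ audit logs use different field names and delivery mechanisms.

```python
"""Flag the account-takeover pattern described in the article:
a new mail client is linked, the security alert about it is deleted
shortly afterwards, and the mailbox is exported in bulk.

Event schema, thresholds and sample data are constructed for this
example and are not a real provider's audit-log format."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    account: str
    kind: str          # "client_linked", "alert_sent", "message_deleted", "bulk_export"
    detail: str = ""   # client name, alert subject, or export size


def find_suspicious(events, alert_window=timedelta(minutes=10),
                    export_window=timedelta(hours=1)):
    """Return a list of (account, reason) findings.

    Rule 1: a security alert is deleted within alert_window of delivery,
            which is what a hacker does to hide the new linked client.
    Rule 2: a bulk export happens within export_window of a new client
            being linked, i.e. the fast mass-download seen in the footage.
    Both rules are heuristics; a user can legitimately do either, so the
    output is a triage queue, not a verdict."""
    findings = []
    by_account = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_account.setdefault(e.account, []).append(e)

    for account, evs in by_account.items():
        links = [e for e in evs if e.kind == "client_linked"]
        alerts = [e for e in evs if e.kind == "alert_sent"]
        deletes = [e for e in evs if e.kind == "message_deleted"]
        exports = [e for e in evs if e.kind == "bulk_export"]

        for a in alerts:
            for d in deletes:
                delay = d.ts - a.ts
                if d.detail == a.detail and timedelta(0) <= delay <= alert_window:
                    findings.append((account,
                        f"security alert '{a.detail}' deleted "
                        f"{int(delay.total_seconds())}s after delivery"))

        for link in links:
            for x in exports:
                delay = x.ts - link.ts
                if timedelta(0) <= delay <= export_window:
                    findings.append((account,
                        f"bulk export ({x.detail}) {int(delay.total_seconds() // 60)} min "
                        f"after linking client '{link.detail}'"))
    return findings


# Constructed sample: one account showing the full pattern, one benign account
# that linked a client, kept the alert, and exported days later.
SAMPLE_EVENTS = [
    Event(datetime(2020, 5, 4, 10, 0), "victim@example.com", "client_linked", "Zimbra Desktop"),
    Event(datetime(2020, 5, 4, 10, 1), "victim@example.com", "alert_sent", "Your account permissions have changed"),
    Event(datetime(2020, 5, 4, 10, 3), "victim@example.com", "message_deleted", "Your account permissions have changed"),
    Event(datetime(2020, 5, 4, 10, 20), "victim@example.com", "bulk_export", "4812 messages"),
    Event(datetime(2020, 5, 4, 9, 0), "user@example.com", "client_linked", "Thunderbird"),
    Event(datetime(2020, 5, 4, 9, 1), "user@example.com", "alert_sent", "Your account permissions have changed"),
    Event(datetime(2020, 5, 7, 9, 0), "user@example.com", "bulk_export", "300 messages"),
]

if __name__ == "__main__":
    for account, reason in find_suspicious(SAMPLE_EVENTS):
        print(f"{account}: {reason}")
```

Run stand-alone it prints two findings, both for the victim account; the benign account produces none because its alert survived and its export came three days after the client was linked. In a real deployment the alert-deletion rule is the stronger signal: a user who adds a client rarely deletes the provider’s notice about it within minutes.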
The speed at which the hackers were able to exfiltrate the compromised accounts’ information suggests that “they are likely carrying out this sort of personal data theft on a mass scale,” Wired cited Allison Wikoff, a senior analyst at IBM X-Force whose team discovered the videos, as saying.
In another video, the APT35 hackers exfiltrated data from a member of the US Navy and a two-decade veteran of the Greek Navy. The Iran-linked hackers apparently stole photos, emails, tax records, and other personal information from the two, the report said.
The leaked videos may force the Iranian hackers to change some of their tactics, Emily Crose, a researcher for the security firm Dragos, was cited as saying in the report.