Researchers at IBM X-Force security disclosed that they had obtained five hours of video footage of Iranian hackers training their junior hackers how to break into victim accounts using a list of compromised credentials.

The footage was directly recorded from the screen and held more than 40 gigabytes of information stolen from victim accounts.

The files were uploaded accidentally in May to an exposed server that was being monitored by IBM. The hackers recorded these hacking sessions using a screen-recording app called Bandicam.

The server and videos belong to a hacking group that IBM calls ITG18, and which other researchers refer to as Charming Kitten, Phosphorus or APT35. The group is one of the most active state-sponsored intelligence teams linked to the government of Iran.

The hackers appear to have targeted U.S. State Department officials, an Iranian-American philanthropist, a U.S. Navy sailor, and an officer with the Hellenic Navy, the naval force of Greece.

The IBM researchers uncovered a total of five videos with titles “AOL.avi,” “Aol Contact.avi,” “Gmail.avi,” “Yahoo.avi” and “Hotmail.avi.”

According to researchers, the hackers appear to have stolen photos, emails, tax records, and other personal information from both targeted individuals.

In the other clips, the researchers identified the hackers employing a text document full of usernames and passwords for a long list of non-email accounts, from phone carriers and bank accounts to music streaming, pizza delivery and baby products.

Wikoff said they were stunned to see how quickly the hackers worked, as it took around four minutes to steal the Google account’s data and less than three minutes to steal the Yahoo account.

“During the videos where the operator was validating victim credentials, if the operator successfully authenticated against a site that was set up with multi-factor authentication (MFA) they paused and moved to another set of credentials without gaining access,” said the researchers.
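The behaviour the researchers describe (a correct password, an MFA prompt that is never answered, then a move to the next account) leaves a recognisable trail in authentication logs. The following is an added detection example, not code from IBM's report: the log format, event names, timeout and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, source IP, account, event.
SAMPLE_LOG = """\
2024-01-01T10:00:05 198.51.100.7 alice password_ok
2024-01-01T10:00:06 198.51.100.7 alice mfa_challenge
2024-01-01T10:01:10 198.51.100.7 bob password_ok
2024-01-01T10:01:11 198.51.100.7 bob mfa_challenge
2024-01-01T10:02:30 198.51.100.7 carol password_ok
2024-01-01T10:02:31 198.51.100.7 carol mfa_challenge
2024-01-01T10:03:00 192.0.2.10 dave password_ok
2024-01-01T10:03:01 192.0.2.10 dave mfa_challenge
2024-01-01T10:03:20 192.0.2.10 dave mfa_ok
2024-01-01T10:04:00 192.0.2.44 erin password_ok
2024-01-01T10:04:01 192.0.2.44 erin mfa_challenge
"""

MFA_TIMEOUT = timedelta(minutes=5)   # assumed time allowed to finish MFA
MIN_ACCOUNTS = 3                     # assumed alert threshold per source


def parse(log_text):
    """Yield (time, source, account, event) from the assumed 4-field format."""
    for line in log_text.splitlines():
        ts, src, user, event = line.split()
        yield datetime.fromisoformat(ts), src, user, event


def abandoned_mfa_sources(log_text, now):
    """Return {source: sorted accounts} where the password was accepted but the
    MFA step was never completed, for sources that did this on several accounts."""
    pending = {}                       # (src, user) -> time password was accepted
    for ts, src, user, event in sorted(parse(log_text)):
        if event == "password_ok":
            pending[(src, user)] = ts
        elif event == "mfa_ok":
            started = pending.get((src, user))
            if started is not None and ts - started <= MFA_TIMEOUT:
                del pending[(src, user)]
    by_source = defaultdict(set)
    for (src, user), started in pending.items():
        if now - started > MFA_TIMEOUT:    # challenge can no longer be completed
            by_source[src].add(user)
    return {s: sorted(u) for s, u in by_source.items() if len(u) >= MIN_ACCOUNTS}


if __name__ == "__main__":
    print(abandoned_mfa_sources(SAMPLE_LOG, datetime(2024, 1, 1, 11, 0, 0)))
```

Each account this flags has a password that is known to someone else, so the useful response is a forced password reset for those accounts, not only a block on the source.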
