A new email hacking tool associated with the Iran-linked OilRig APT group was leaked through the same Telegram channel that in April leaked the source code of 6 tools used by the crew.
In April, a hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig, APT34, and HelixKitten. The Lab Dookhtegan hackers used a Telegram channel to dump information about the OilRig infrastructure, revealing details about its hacking tools, members, and operations. The hackers also disclosed IP addresses and domains involved in operations conducted by the group over the years.
Now the group released a tool that was allegedly used by OilRig “for hacking emails and stealing information.”
OilRig is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries.
The new tool could be used to hijack Microsoft Exchange email accounts, it was dubbed Jason and currently, it is has a detection rate of 0 on VirusTotal.
The Jason email hijacking tool works is used by threat actors to carry out brute-force attacks using a dictionary of password samples and four text files containing numerical patterns.
According to VirusTotal the sample was compiled in 2015 and at the time of writing it is detected only by 7 out of 71 antivirus solutions.
The leak of the hacking tools allowed security firms to analyze them and implements the rules for their detection.
On the other side, hackers could use these tools to carry out the attacks making hard their attribution.
You can find further info on the Jason tool in a blog post published by Omri Segev Moyal, the co-founder at Minerva Labs.
Thank you
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – OilRig, Jason email hijacking tool)
[adrotate banner=”5″]
[adrotate banner=”13″]
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…
Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…
The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…
This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…
This website uses cookies.