ClearSky: an unknown actor has published, on three Telegram channels, several significant documents about a number of Iran's state-sponsored hacking groups. The documents are authentic and will reduce the risk of attacks from these APTs in the coming months.
Iranian state-sponsored APTs have suffered a major leak, thanks to an anonymous actor who distributed online several significant documents regarding a number of Tehran's groups. ClearSky cyber security experts investigated the material and concluded that it is authentic. The documents were posted on three main Telegram channels: Lab Dookhtegan (a pseudonym meaning "the people whose lips are stitched and sealed" in Persian), Green Leakers and Black Box. The leak will likely hamstring the groups' operations in the near future and, accordingly, reduce the risk of state-sponsored cyber attacks in the next few months and possibly even the next year. Most of the leaks were posted on Telegram channels created specifically for this purpose. The identity of the actor is currently unknown, but based on the scope and quality of the exposed documents and information, it appears to be professional and highly capable.
The three Telegram channels, according to the cyber security experts
According to ClearSky, the first Telegram channel leaked attack tools attributed to the Iranian 'OilRig' APT, including a webshell that had been planted on the Technion's servers, various tools used for DNS attacks, and more. The second channel published material attributed to 'MuddyWater'. Its name and logo are associated with the "Green Movement", which led the protests in Iran after the 2009 presidential elections; those protests were heavily repressed by the Islamic Revolutionary Guard Corps (IRGC). The experts believe that the third channel, Black Box, unlike the previous two, has been around for a long time. On May 5th, dozens of confidential documents labeled "secret" (a high confidentiality level in the Islamic Republic, one step below the highest, "top secret") were posted on this channel. The documents concerned the activity of Iranian attack groups, and in particular Rana, a mysterious entity.