A hacking group going by the name Lab Dookhtegan has posted the tools used by the infamous Iranian APT34 cyberespionage group.
APT34, also known as HelixKitten and OilRig has purportedly been behind many attacks, but this time was victimized when a data dump of tools was posted on a Telegram channel, reported Bleeping Computer. The information released contained not only the tools, but also the names, addresses, photos and phone numbers of some Iranian Ministry of Intelligence members along with data on some of APT34s victims.
“We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks. We hope that other Iranian citizens will act for exposing this regime’s real ugly face!” posted Lab Dookhtegan according to Bleeping Computer.
The data, which was rated legitimate by Chronicle, began leaking on March 26 contained “source code for home-grown tools, URLs to web shells on servers from organizations all over the world, governments included, web shell access details, usernames and passwords from compromised targets,” Bleeping Computer reported.