IBM's IRIS unit discovered, accidentally exposed online, training material belonging to members of the Iranian cyberattack group ITG18, which is linked to and backed by the government of Iran.
In this training material, some of the Iranians' victims are also officers of the Hellenic Navy. What appears to have been intercepted in the videos is personal, not national, data:
The discovered video files show that ITG18 had access to the targets' email and social media credentials obtained via spear-phishing, using the information to log in to the accounts, delete notifications of suspicious logins so as not to alert the victims, and exfiltrate contacts, photos, and documents from Google Drive.
"The operator was also able to sign into victims' Google Takeout (takeout.google.com), which allows a user to export content from their Google Account, to include location history, information from Chrome, and associated Android devices," the researchers noted.
Besides this, the videos — captured using Bandicam's screen-recording tool — also show that the actors behind the operation plugged the victims' credentials to Zimbra's email collaboration software intending to monitor and manage the compromised email accounts.
Outside of email accounts, the researchers said they found the attackers employing a long list of compromised usernames and passwords against at least 75 different websites ranging from banks to video and music streaming to something as trivial as pizza delivery and baby products.
....
Other clips showed the ITG18 group leveraging dummy Yahoo! accounts, which include a phone number with Iran's country code (+98), using them to send the phishing emails, some of which bounced back, suggesting the emails did not reach the victim's inbox.
"During the videos where the operator was validating victim credentials, if the operator successfully authenticated against a site that was set up with multi-factor authentication (MFA) they paused and moved on to another set of credentials without gaining access," the researchers said.
....
"The compromise of personal files of members of the Greek and U.S. Navy could be in support of espionage operations related to numerous proceedings occurring in the Gulf of Oman and Arabian Gulf," IBM X-Force researchers concluded. "The group has shown persistence in its operations and consistent creation of new infrastructure despite multiple public disclosures and broad reporting on its activity."
https://thehackernews.com/2020/07/irani ... ideos.html