40GB of leaked videos expose how Iranian hackers hijack email accounts

The trove of videos was identified by IBM’s X-Force researchers, but it is unclear whether it will be shared with the public.


According to a report from the X-Force Incident Response Intelligence Services (IRIS) of IBM, an OPSEC error led to the leaking of several videos that demonstrate the modus operandi of the Iranian hackers.


The researchers claimed that the videos provide “rare insights” into the workings of the Iranian state-sponsored hackers dubbed Charming Kitten, ITG18, APT35, or Phosphorus.


The researchers obtained roughly five hours’ worth of exclusive footage, which the hackers used to train their junior team members on operating hacked email accounts.


One of the videos shows hackers accessing hacked Yahoo Mail and Gmail accounts, downloading their content, and exfiltrating additional Google-hosted data from the victims.

It all makes sense, as in December 2018 Charming Kitten hackers were found bypassing Gmail and Yahoo’s 2FA (two-factor authentication) to target US officials.



An Iranian phone number associated with the account (Image: IBM X-Force IRIS)



Some of the footage shows hackers managing “adversary-created accounts,” while in other clips they are merely accessing and exfiltrating data from already hacked accounts.


The videos also reveal that the hackers could access social media accounts of their targets via