Leaked videos offer rare behind-the-scenes look at Iranian APT operation

Threat analysts hit the cyber intel mother lode after uncovering a 40GB data leak that included training videos shedding light on the activities of an Iranian advanced persistent threat group.


In a company blog post this week, IBM X-Force Incident Response Intelligence Services (IRIS) said that the leaked assets were the result of an OPSEC error by an operator belonging to the threat group known as ITG18, whose TTPs overlap with those of the reputed Iranian APTs Charming Kitten and Magic Hound (aka Phosphorus and Rocket Kitten). IRIS discovered the contents in May 2020, after the operator uploaded the files to a server known to host ITG18 domains, according to the post, authored by IBM analysts Allison Wikoff and Richard Emerson.


The video footage consists of a series of desktop recordings, and includes an ITG18 operator exfiltrating data from the accounts of a U.S. Navy member and a Hellenic Navy officer, and launching unsuccessful phishing attempts against the U.S. State Department. Perhaps most important for law enforcement investigations: the videos show personas and Iranian phone numbers apparently linked to the threat group’s member ..