A screenshot from a leaked video of Iranian hackers demonstrating how to exfiltrate emails from a Yahoo account using the email management tool Zimbra. Screenshot: IBM
Wired: Iranian Spies Accidentally Leaked Videos of Themselves Hacking
IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.
When security researchers piece together the blow-by-blow of a state-sponsored hacking operation, they're usually following a thin trail of malicious code samples, network logs, and connections to faraway servers. That detective work gets significantly easier when hackers record what they're doing and then upload the video to an unprotected server on the open internet. Which is precisely what researchers at IBM say a group of Iranian hackers did.
Researchers at IBM's X-Force security team revealed today that they've obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It's one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including US and Greek military personnel. Other clues in the data suggest that the hackers targeted US State Department staff and an unnamed Iranian-American philanthropist.
Read more ....
Update #1: Iranian cyberspies leave training videos exposed online (ZDNet)
Update #2: Big Leak Reveals Iran Targeting US Military With Super Speedy Google Account Hacks (Forbes)
WNU Editor: These videos were uploaded by Iran's hacking team for training purposes. Where they clearly miscalculated and/or underestimated was the ability of US security specialists to monitor and to retrieve the same data.