Two new leaks on Iranian cyber espionage operations have been published online via Telegram channels and websites on the Dark Web.
What is exposed in the two new leaks?
About the MuddyWater leak
The Green Leakers group claims to own information about the MuddyWater cyber-espionage group. The leakers are selling data from the MuddyWater APT group on two Telegram channels and two Dark Web portals.
Since the data was put up for sale, the leakers did not release any tools for free. However, they posted the following,
About the Rana Institute leak
The Rana Institute leak, which was written in Persian, was published on a website on the public Internet and on a Telegram channel.
Green Leakers published excerpts from documents labeled “secret” from the Iranian Ministry of Intelligence. The excerpts contained details of the Rana Institute, which is a contractor hired for cyber-espionage operations. The details include,
According to the leaked documents, the targeted countries include Sri Lanka, India, UAE, Dubai, Thailand, Philippines, Hong Kong, Malaysia, Indonesia, Egypt, South Africa, New Zealand, Australia, and Colombia, among others.
“The documents shed light on some aspects of the group's activity, notably: tracking Iranians, tracking Iranian citizens outside of Iran, and the group's members,” ClearSky said in a report.
The leak also revealed insights into the attacks that were carried out on Israeli airlines' databases, insurance companies, hotel booking websites, and the Israeli Ministry of Agriculture.
Unlike the MuddyWater leak, this leak has been verified by security researchers with ClearSky Security.