Mystery group spills the beans on APT34 aka OilRig
- The Lab Dookhtegan group used a Telegram channel to reveal details about OilRig's tools, tactics, and infrastructure.
- The group published code for six tools used by the APT, as well as elaborated on the victims targeted by OilRig.
Threat actor group APT34, which is backed by the Iranian government, got a taste of its own medicine recently after a group of hackers exposed its infrastructure and tools. A group known as Lab Dookhtegan has disclosed privy information regarding APT34, on a Telegram channel. The group has put out a collection of tools, intrusion points of victims’ targeted, IP addresses along with identities and photographs of the persons behind APT34.
- Lab Dookhtegan also revealed names and phone numbers of persons belonging to Iran’s Ministry of Intelligence.
- The information leaks started from March 26 and consisted of source-code for tools, URLs and web shells of numerous organizations, and login credentials of targeted entities.
- The six tools of APT34 revealed by the group were Poison Frog, Glimpse, HyperShell, HighShell, Fox Panel, and Webmask. The code for these tools was also published.
- Lab Dookhtegan also disclosed details about OilRig’s victims. Most of them were discovered to be government agencies and firms from the Middle East.
Lab Dookhtegan has also warned that it would be releasing more information on a regular basis and has lashed out at the Iranian government.
“We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks. We hope that other Iranian citizens will act for exposing this regime’s real ugly face!," was the message left on the Telegram channel.