Hacker Revealed Hacking Tools and Operations Carried Out By Iran’s Elite Cyber-Espionage Units

2019, April, Breaches

Who: Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.

# of Accounts Breached: 66 victims

What was affected: Data ranging from username and password combos to internal network server info and user IPs.

When it happened: April 17, 2019

How it happened: In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten. The tools have been leaked since mid-March on a Telegram channel by an individual using the Lab Dookhtegan pseudonym.
Besides hacking tools, Dookhtegan also published what appears to be data from some of APT34’s hacked victims, mostly comprising username and password combos that appear to have been collected through phishing pages.

Outcome: The data leaked on this Telegram channel is now under analysis by several cyber-security firms. It has also made its way onto other file-sharing sites, such as GitHub.