Source code of tools used by malicious hackers from Iran is exposed

Some details about the hacking campaigns deployed by OilRig, a group of malicious hackers linked to the Iranian government have been revealed by a hacker group self called Lab Dookhtegan, reported cyber security service specialists.

OilRig is a group of advanced persistent threats (APT) linked to Iran regime active at least since 2014. The main victims of this group are financial and government organizations, besides power, telecommunications and pharmaceutical companies in the U.S. and some countries in the Middle East.

According to cyber security service specialists, Lab Dookhtegan hackers published information on OilRig hacking campaigns and infrastructure on a Telegram channel; the leaked information contained data such as the names of the members of the hacker group, tools used, and IP addresses and domains involved in the attacks.

Most likely, the group in charge of these leaks seeking to disrupt OilRig hacking operations is backed by a state actor opposed to the Iranian regime.

In addition, Lab Dookhtegan leaked the source code of some hacking tools used by OilRig, among which include:

  • Glimpse, a PowerShell-based Trojan
  • PoisonFrog, an earlier version of Glimpse
  • Jason, an email hacking tool
  • Hypershell, a web shell also known as TwoFace
  • Fox Panel, a phishing tool

However, among the leaks, specialists in cyber security service believe that the most outstanding is Jason, an email hacking tool. Lab Dookhtegan hackers claim that OilRig uses this tool to hijack Microsoft Exchange email accounts and has a 0% detection rate among the most popular anti-malware tools.

Jason is employed by OilRig to launch brute force attacks using a dictionary of sample passwords and four text files that contain numeric patterns to decrypt the passwords of Exchange users. According to figures from the International Institute of Cyber Security (IICS), since it was discovered the Jason tool has only been detected by 7 out of 71 anti malware solutions.

Experts consider that the leaking of this hacking tools will enable anti malware companies to perform extensive analysis and improve existing mechanisms for their detection; although on the other hand, malicious hacker groups have access to this information as well, which could represent an increase in attack campaigns with these tools.