Rarely are there opportunities to understand how the operator behaves behind the keyboard, and even rarer still are there recordings the operator self-produced showing their operations. But that is exactly what X-Force IRIS uncovered on an ITG18 operator whose OPSEC failures provide a unique behind-the-scenes look into their methods, and potentially, their legwork for a broader operation that is likely underway.
What IBM X-Force IRIS Found
During a three-day period in May 2020, IBM X-Force IRIS discovered the 40 GBs of video and data files being uploaded to a server that hosted numerous ITG18 domains used in earlier 2020 activity. Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts.
Among the information IBM X-Force IRIS uncovered were:
- In nearly five hours of videos, an ITG18 operator searching through and exfiltrating data from various compromised accounts of a member of U.S. Navy and a personnel officer with nearly two decades of service in Hellenic Navy. Using these accounts could allow the operator to obtain other data on military operations of potential interest to Iran.
- Failed phishing attempts targeting the personal accounts of an Iranian-American philanthropist and officials of the U.S. State Department.
- Personas and Iranian phone numbers associated to ITG18 operators
Read Full report Here
No comments:
Post a Comment