New OilRig APT Group Email Hacking Tool Leaked Online
A tool to hack Microsoft Exchange email accounts allegedly used by the OilRig hacker group has been leaked online. The utility is called Jason, and it is not detected by the anti-virus engines on VirusTotal.
The post was made a few hours ago on the Telegram channel of the person responsible for the leak, who claims the tool is being used by the Iranian government “to hack e-mails and steal information.”
Simple brute force attack tool
The Jason email hacking tool works by trying different login passwords until it finds the right one. The brute-force activity is driven by a list of sample passwords and four text files containing numeric patterns.
Omri Segev Moyal, co-founder and vice president of research at Minerva Labs, analyzed the Jason email hijacking tool, noting that it “appears to be a relatively straightforward brute force attacker against online Exchange services.”
VirusTotal’s scan reveals that the utility was compiled in 2015. At the time of writing, it bypasses all detection engines available on the scanning service.
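As an added defensive example (not code from the article or from any OilRig tool), the Python below flags the burst of failed logons that a password-list attack like the one described leaves in Exchange authentication logs. The log line format, source addresses, user names and timestamps are constructed for illustration; a real deployment would map OWA/IIS or Windows 4625 events into the same fields.

```python
"""Flag brute-force logon bursts against Exchange mailboxes (added example).
The record format is assumed; adapt parse_line() to your real log source."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample log: one external source hammering a single mailbox with a
# password list (and eventually getting in), plus a benign user who mistypes once.
SAMPLE_LOG = """\
2019-06-03T10:00:01Z src=203.0.113.5 user=alice result=FAIL
2019-06-03T10:00:02Z src=203.0.113.5 user=alice result=FAIL
2019-06-03T10:00:03Z src=203.0.113.5 user=alice result=FAIL
2019-06-03T10:00:04Z src=203.0.113.5 user=alice result=FAIL
2019-06-03T10:00:05Z src=203.0.113.5 user=alice result=FAIL
2019-06-03T10:00:06Z src=203.0.113.5 user=alice result=OK
2019-06-03T10:00:07Z src=198.51.100.9 user=bob result=FAIL
2019-06-03T10:00:09Z src=198.51.100.9 user=bob result=OK
"""


def parse_line(line):
    """Return (timestamp, source, user, failed) for one constructed log line."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, kv["src"], kv["user"], kv["result"] != "OK"


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {(src, user): info} for pairs reaching `threshold` failed logons
    inside a sliding `window`. A success after such a burst is the signature of
    a guess that landed, so it is recorded as success_after_burst."""
    recent = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = {}
    for line in log_text.splitlines():
        when, src, user, failed = parse_line(line)
        key = (src, user)
        queue = recent[key]
        if failed:
            queue.append(when)
            while queue and when - queue[0] > window:  # expire old failures
                queue.popleft()
            if len(queue) >= threshold:
                info = alerts.setdefault(key, {"failures": 0, "success_after_burst": False})
                info["failures"] = len(queue)
        elif key in alerts:  # a password from the list eventually worked
            alerts[key]["success_after_burst"] = True
    return alerts
```

Tune `threshold` and `window` to the organisation's normal failure rate; a burst that ends in success is the case worth paging on.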
OilRig, also known as APT34 and HelixKitten, is a group linked to the Iranian government. On March 26, someone using the alias Lab Dookhtegan began disclosing information about OilRig, the tools it used in hacking operations, and the contact details of personnel believed to work at Iran’s Ministry of Intelligence and Security (VEVAK).
Previous tools published by Lab Dookhtegan have been confirmed by experts in the infosec industry as part of the arsenal used by the threat actor APT34 / OilRig.
The direct effect of the release of these hacking tools is a disruption of the adversary’s future operations. Security companies have already developed detections for them, but that does not mean they will no longer be used in attacks.
Cybercriminals quickly seize on any new resource that could allow them to sustain and diversify their business. They now have access to new tools that they can modify or use as inspiration to create new malware. As of now, seven tools associated with the OilRig group are publicly accessible:
– 2 PowerShell-based backdoors: Poison Frog and Glimpse – both are versions of a tool called BondUpdater, according to Palo Alto Networks
– 4 web shells: HyperShell and HighShell, Fox Panel and Webmask (the DNSpionage tool analyzed by Cisco Talos)
– Jason email hacking tool for Microsoft Exchange accounts