A security mistake by Iranian hackers led to the leak of video of their training. This is the first case that allows a look at the “behind the scenes of their methods.”
IBM has obtained nearly five hours of video footage of a group of hackers with possible government ties. The group is known as ITG18 (also Charming Kitten, Phosphorus, or APT35) and uses these materials to train its operators. The videos show the hackers trying to break into the personal accounts of employees of the U.S. Navy and Greece, as well as unsuccessful phishing attempts directed against officials of the U.S. Department of State.
“In some videos, the operator was managing his accounts, but in others, hackers were checking access and filtering data from previously compromised accounts,” the researchers noted.
IBM researchers added that they found the video on a virtual private cloud server that was accessible to them because of incorrect security settings. The server contained over 40 gigabytes of data.
The videos show that ITG18 had access to email and social media accounts obtained through spear phishing. The hackers used the stolen information to log in to the victims' accounts, deleted notifications of suspicious logins so as not to alert the victims, and exfiltrated contacts, photos, and documents from Google Drive.
The hackers also connected the victims' credentials to email collaboration software so that they could track and manage the compromised accounts together.