Iranian Spies Accidentally Leaked Videos of Themselves Hacking
IBM’s X-Force security team has revealed that they have gained access to five hours of video footage that depict hacking group ITG18, an Iranian threat actor group also known as APT35 or Charming Kitten, performing cybercrimes. The video, according to IBM, seems to be recorded directly from the screens of hackers working for the group. Charming Kitten is one of the most active and sophisticated state-sponsored hacking groups linked to the government of Iran. The video footage was allegedly found among 40 GB of data hackers stole from victim accounts. The data leads researchers to believe that the hackers may have targeted US State Department staff and US and Greek military personnel.
The videos were found when IBM researchers discovered a misconfigured virtual private cloud server they had been observing for activity from the group. Within just a few days, all of the files were uploaded to the exposed server as IBM monitored. The videos, according to experts, appear to be hacking demonstrations to show new members how to handle hacked accounts, depicting compromised Gmail and Yahoo mail accounts. Although the hacking demonstrated in the video is less sophisticated and more labor-intensive, the work is likely a part of a larger scale phishing operation. The video also offers a first-hand view of state-sponsored hacking.