In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.
The hacking tools are nowhere near as sophisticated as the NSA tools leaked in 2017, but they are dangerous nevertheless.
Victim data also dumped online
The tools have been leaked since mid-March on a Telegram channel by an individual using the Lab Dookhtegan pseudonym.
Besides hacking tools, Dookhtegan also published what appears to be data from some of APT34’s hacked victims, mostly comprising username and password combos that appear to have been collected through phishing pages.
ZDNet was previously aware of some of these tools and victim data after this reporter received a tip in mid-March. In a Twitter DM, a Twitter user shared some of the same files that were discovered today on Telegram, and we believe that this Twitter user is the Telegram Lab Dookhtegan persona.
In our Twitter conversation, the leaker claimed to have worked on the group’s DNSpionage campaign,