Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by chromas on Friday July 17 2020, @04:44AM   Printer-friendly
from the 'accidentally' dept.

MFA

Iranian Spies Accidentally Leaked Videos of Themselves Hacking:

When security researchers piece together the blow-by-blow of a state-sponsored hacking operation, they're usually following a thin trail of malicious code samples, network logs, and connections to faraway servers. That detective work gets significantly easier when hackers record what they're doing and then upload the video to an unprotected server on the open internet. Which is precisely what researchers at IBM say a group of Iranian hackers did.

[...] The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims.

[...] But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.

"We don't get this kind of insight into how threat actors operate really ever," says Allison Wikoff, a senior analyst at IBM X-Force whose team discovered the videos. "When we talk about observing hands-on activity, it's usually from incident response engagements or endpoint monitoring tools. Very rarely do we actually see the adversary on their own desktop. It's a whole other level of 'hands-on-keyboard' observation."


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by c0lo on Friday July 17 2020, @10:25AM (1 child)

    by c0lo (156) Subscriber Badge on Friday July 17 2020, @10:25AM (#1022824) Journal

    Don't these people have any bit of self respect? Call yourselves "X-Force?"

    You remember that for quite time the IBM's policy was to fire the expensive oldies and, over time, "rejuvenate" their workforce?

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by coolgopher on Friday July 17 2020, @12:13PM

    by coolgopher (1157) on Friday July 17 2020, @12:13PM (#1022861)

    We don't talk about the ex-force here.