Tech

New Iranian hacking tool leaked on Telegram

New Iranian hacking tool is named Jason and can be used to brute-force Microsoft Exchange email servers.

Written by Catalin Cimpanu, Contributor June 3, 2019 at 10:33 a.m. PT

A new hacking tool believed to have been in the arsenal of Iranian state hackers has been published today online, in a Telegram channel.

See als

10 dangerous app vulnerabilities to watch out for (free PDF)

Responsible for this leak is the same individual who, in April, leaked the source code of six other Iranian hacking tools, along with information on past hacked victims, and the real-world identities of members of Iranian government hackers.

This new tool is named Jason and was published online earlier today in the same Telegram channel where the leaker -- going by the name of Lab Dookhtegan -- dumped the six other previous hacking tools.

According to security researcher Omri Segev Moyal, the Jason tool is a GUI utility for brute-forcing Microsoft Exchange email servers using pre-compiled lists of username and password combos.

Moyal says the tool has been compiled way back in 2015, meaning Iranian hackers have used it for at least four years for their operations.

The six tools that have been previously leaked in April all belonged to an Iranian cyber-espionage group known under codenames such as APT34, Oilrig, or HelixKitten -- believed to be composed of members of the Iranian Ministry of Intelligence (MOIS).

But while the tools leaked in April had been seen in previous attacks before, the Jason tool that was shared today is completely new, at least for the security researchers who analyzed it today.

As for what Lab Dookhtegan has been up to since April, the leaker has been doxxing Iranian intelligence agents, sharing their real names, social media profiles, phone numbers, or personal photos, on an almost daily basis.

While initially it was believed that Lab Dookhtegan was a former insider, the new consensus is that this is the online persona of a foreign intelligence agency who is trying to expose Iranian hacking efforts in attempts to damage the country's cyber-espionage operations, as long as its political connections with neighbors and allies.

But Lab Dookhtegan wasn't the only leaker. In May, another leaker also shared details about another Iranian hacking unit named MuddyWater. The leaker linked MuddyWater operations to an Iranian organization known as the Rana Institute.