Ethical Hacking News Hubb

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts

By admin, August 23, 2022


The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts.

Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the malicious software is under active development and is said to have been used against fewer than two dozen accounts in Iran, with the oldest known sample dating back to 2020. The tool was first discovered in December 2021.

Charming Kitten, a prolific advanced persistent threat (APT), is believed to be associated with Iran’s Islamic Revolutionary Guard Corps (IRGC) and has a history of conducting espionage aligned with the interests of the government.


Also tracked as APT35, Cobalt Illusion, ITG18, Phosphorus, TA453, and Yellow Garuda, the group includes elements that have carried out ransomware attacks, suggesting that the threat actor's motives are both espionage-driven and financially driven.

“HYPERSCRAPE requires the victim’s account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired,” Google TAG researcher Ajax Bash said.

Written in .NET and designed to run on the attacker’s Windows machine, the tool comes with functions to download and exfiltrate the contents of a victim’s email inbox, in addition to deleting security emails sent from Google to alert the target of any suspicious logins.

If a message was originally unread, the tool marks it as unread again after opening and downloading the email as a “.eml” file. What’s more, earlier versions of HYPERSCRAPE are said to have included an option to request data from Google Takeout, a feature that allows users to export their data to a downloadable archive file.


The findings follow PwC’s recent discovery of a C++-based Telegram “grabber” tool used against domestic targets to obtain access to Telegram messages and contacts from specific accounts.

Previously, the group was spotted deploying a custom Android surveillanceware called LittleLooter, a feature-rich implant capable of gathering sensitive information stored on compromised devices as well as recording audio, video, and calls.

“Like much of their tooling, HYPERSCRAPE is not notable for its technical sophistication, but rather its effectiveness in accomplishing Charming Kitten’s objectives,” Bash said. The affected accounts have since been re-secured and the victims notified.





© 2022 Ethical Hacking News Hubb All rights reserved.
