In April, a hacker group that goes by the name Lab Dookhtegan disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as
Now the group has released a tool that was allegedly used by OilRig “for hacking emails and stealing information.”
OilRig is an Iran-linked APT group that has been active since at least 2014; it has mainly targeted organizations in the financial, government, energy, telecoms and chemical sectors in the United States and Middle Eastern countries.
The new tool, dubbed Jason, could be used to hijack Microsoft Exchange email accounts; it currently has a detection rate of 0 on VirusTotal.
The Jason email hijacking tool is used by threat actors to carry out brute-force attacks against mailbox logins using a dictionary of password samples and four text files containing numerical patterns.
According to VirusTotal, the sample was compiled in 2015, and at the time of writing it is detected by only 7 out of 71 antivirus solutions.
The leak of the hacking tools allowed security firms to analyze them and implement rules for their detection.
On the other side, other hackers could reuse these tools to carry out attacks, making attribution harder.
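The dictionary brute-force described above, seen from the defender's side: the following is an added example, not code from the article, from OilRig's tool or from Minerva Labs, of the kind of detection rule a security team would write over mailbox authentication logs. It flags repeated failed logins against one account from one source, a single source failing against many different accounts (password spraying), and a successful login that follows a long failure streak. The log format, the sample lines and the thresholds are all constructed assumptions; a real Exchange or IIS log needs its own parser and tuning.

```python
"""Added example: brute-force / spray detection over mailbox login logs.

The "timestamp source account result" line format below is an assumption
made for this example; it is not the format of any real Exchange log.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one dictionary attack that finally succeeds (alice),
# one user who simply mistyped once (bob), one spray across four accounts.
SAMPLE_LOG = """\
2019-06-03T09:00:01 203.0.113.5 alice@example.com FAIL
2019-06-03T09:00:02 203.0.113.5 alice@example.com FAIL
2019-06-03T09:00:04 203.0.113.5 alice@example.com FAIL
2019-06-03T09:00:05 203.0.113.5 alice@example.com FAIL
2019-06-03T09:00:07 203.0.113.5 alice@example.com FAIL
2019-06-03T09:00:09 203.0.113.5 alice@example.com FAIL
2019-06-03T09:00:11 203.0.113.5 alice@example.com OK
2019-06-03T09:01:00 198.51.100.7 bob@example.com FAIL
2019-06-03T09:01:30 198.51.100.7 bob@example.com OK
2019-06-03T09:02:00 203.0.113.9 carol@example.com FAIL
2019-06-03T09:02:01 203.0.113.9 dave@example.com FAIL
2019-06-03T09:02:02 203.0.113.9 erin@example.com FAIL
2019-06-03T09:02:03 203.0.113.9 frank@example.com FAIL
2019-06-03T09:05:00 192.0.2.10 bob@example.com OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|OK)$")


def parse_line(line):
    """Parse one assumed-format log line into (timestamp, source, account, result)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, account, result = m.groups()
    return datetime.fromisoformat(ts), src, account, result


def _events(log_text):
    """Group parsed events by (source, account), sorted by time."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            ts, src, account, result = rec
            grouped[(src, account)].append((ts, result))
    for key in grouped:
        grouped[key].sort()
    return grouped


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """(source, account) -> peak number of failures inside any sliding window
    of `window` length, for pairs that reach `threshold` (assumed tuning values)."""
    alerts = {}
    for key, events in _events(log_text).items():
        fails = [ts for ts, result in events if result == "FAIL"]
        start = 0
        for end in range(len(fails)):
            while fails[end] - fails[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


def detect_spray(log_text, min_accounts=3):
    """source -> number of distinct accounts it failed against, when that
    number reaches `min_accounts` (password spraying signature)."""
    accounts = defaultdict(set)
    for (src, account), events in _events(log_text).items():
        if any(result == "FAIL" for _, result in events):
            accounts[src].add(account)
    return {src: len(a) for src, a in accounts.items() if len(a) >= min_accounts}


def success_after_streak(log_text, min_failures=5):
    """List of (source, account) where an OK directly follows a run of at
    least `min_failures` FAILs: the signature of a dictionary attack that
    found the password. Sorted for a stable result."""
    hits = []
    for key, events in _events(log_text).items():
        streak = 0
        for _, result in events:
            if result == "FAIL":
                streak += 1
            else:
                if streak >= min_failures:
                    hits.append(key)
                streak = 0
    return sorted(hits)


if __name__ == "__main__":
    print("brute force:", detect_bruteforce(SAMPLE_LOG))
    print("spray:", detect_spray(SAMPLE_LOG))
    print("success after streak:", success_after_streak(SAMPLE_LOG))
```

The three rules are deliberately separate because they answer different questions for a responder: a failure burst says an account is being attacked, a spray says a source is attacking the directory, and a success after a streak is the one that needs a password reset and a session review rather than just a block.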
You can find further info on the Jason tool in a blog post published by Omri Segev Moyal, the co-founder at Minerva Labs.
(SecurityAffairs – OilRig, Jason email hijacking tool)