New Threat Research: Analyzing CryptoJS Encrypted Phishing Attempt 

Read Threat Research

Search

Another Iranian Tool Leaked on Telegram

Iran (APT34): Lab Dookhtegan, who previously leaked six Iranian hacking tools earlier this year, has leaked yet another tool on Telegram this week which is believed to be from an Iranian threat actor.  According to Lab Dookhtegan the tool, which is named Jason, belongs to the Iranian Ministry of Intelligence.  Jason is a tool designed for brute-forcing accounts on Microsoft Exchange servers using a pre-compiled list of usernames and passwords.  The tool was compiled all the way back in 2015.  While the other tools which have been previously published by Lab Doohtegan had been previously seen in the wild by researchers, Jason, appears to be completely new to the researchers who have analyzed it so far.

Analyst Notes

It is believed that Lab Dookhtegan is or was an agent of a foreign intelligence service who is likely attempting to expose the extensive activities of Iranian cyber-actors.