Iran (APT34): Lab Dookhtegan, who previously leaked six Iranian hacking tools earlier this year, has leaked yet another tool on Telegram this week which is believed to be from an Iranian threat actor. According to Lab Dookhtegan the tool, which is named Jason, belongs to the Iranian Ministry of Intelligence. Jason is a tool designed for brute-forcing accounts on Microsoft Exchange servers using a pre-compiled list of usernames and passwords. The tool was compiled all the way back in 2015. While the other tools which have been previously published by Lab Doohtegan had been previously seen in the wild by researchers, Jason, appears to be completely new to the researchers who have analyzed it so far.
Analyst Notes
It is believed that Lab Dookhtegan is or was an agent of a foreign intelligence service who is likely attempting to expose the extensive activities of Iranian cyber-actors.
