By Shahriar Kia
A Telegram channel called Read My Lips has been revealing the secrets of Iranian Regime-affiliated hacker team APT34, also known as OilRig, over the past few weeks.
On March 25, the public Telegram channel began posting about APT34’s secret data, tools, evidence of their infiltration of at least 66 organizations around the world, and even the identities of its members.
Read My Lips wrote: “We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighbouring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks. We hope that other Iranian citizens will act for exposing this regime’s real ugly face!”
They vowed to post every few days with the intent of destroying the Ministry of Intelligence (MOIS), and claimed to have destroyed the control panels of APT34’s hacking tools and wiped its servers clean, so that the group would have to start again from scratch.
Read My Lips wrote: “We have more secret information about the crimes of the Iranian Ministry of Intelligence and its managers. We are determined to continue to expose them. Follow us and share!”
These leaks are of vital importance to security agencies in other nations because they allow them to track which hacks on their governments or companies can be attributed to the Iranian Regime, either through the infiltration list or by tracking the hacking tools used.
This includes the “DNSpionage” malware uncovered last year by several security firms, which targeted dozens of organizations across the Middle East and altered their DNS registries to redirect incoming internet traffic to a different server. There, hackers could intercept it and steal login data.
The organisations named on the list include, but are not limited to:
• Abu Dhabi’s airports
• Etihad Airways
• a South Korean gaming company
• the Solidarity Saudi Takaful Company, a Saudi Arabian insurance firm
• the National Security Agency of Bahrain
• a Mexican government agency
Brandon Levene, head of applied intelligence at the security firm Chronicle, said: “We don’t often get a look into state-sponsored groups and how they operate. This gives us some idea of the scope and scale of this group’s capabilities.”
It seems clear that in response to this hacking by the Iranian Regime, the world should increase the pressure on the mullahs, specifically by sanctioning the MOIS and designating it a terrorist group, something suggested repeatedly over the years by Iranian Resistance Leader Maryam Rajavi.