Wikileaks and Iranian hackers attacking Saudi-Arabia shared an internet-server in Moscow.

https://www.thedailybeast.com/moscow-server-hosted-wikileaks-and-irans-hackers-weeks-apart?ref=home

New research from computer security analysts dangles the possibility of a link between WikiLeaks and Iranian government hackers, by way of a server in Moscow that was used by both within a span of weeks.
The research by Virginia-based ThreatConnect involves a notorious hacking campaign that targeted more than 500 diplomats, journalists, human rights workers, scientists, and researchers, primarily in the Middle East. The hackers used spear phishing to lure targets into installing malware or entering their passwords into a fake login page.
...
The Israeli security company ClearSky detected the campaign in May 2015, and from a number of clues attributed it to the hacking organization Rocket Kitten, also known as APT33, which has been linked to the government of Iran.
ThreatConnect's three-page report connects some tentative dots between that attack, which targeted Saudi Arabia more than any other country, and WikiLeaks' release a few weeks later of hundreds of thousands of diplomatic cables taken from Saudi Arabia's foreign ministry, and suggests that WikiLeaks may have worked with Rocket Kitten to engineer its own leak.
...
Two weeks after the Saudi release, WikiLeaks began growing its infrastructure and expanded its website hosting onto a rented server in Moscow.
And that's what got ThreatConnect's interest. The IP address of WikiLeaks' new server in July 2015 had last been seen in May 2015 hosting the website login-users[.]com, a fake Google Drive login page used in the Rocket Kitten phishing attacks.
Under some circumstances, a single IP address can host thousands of websites in a low-cost shared hosting arrangement. But that's not the case here. "This IP was part of a range of dedicated HostKey servers," notes the report. "This indicates that a single actor or collective had control over the infrastructure hosted at this IP."
That suggests to the researchers that WikiLeaks may have hosted the phishing site itself to help out Iran's hackers, perhaps in exchange for the leaked cables, just as Assange allegedly helped Manning.
3 replies, 579 views
Wikileaks and Iranian hackers attacking Saudi-Arabia shared an internet-server in Moscow. (Original Post)
DetlefK, Apr 2019 (OP)
watoos (7,142 posts)
1. Is this a lead up to attacking Iran?
What is that supposed to mean?

Blue_Tires (55,445 posts)
3. Greenwald and Snowden were unavailable for comment