
Tue Apr 16, 2019, 10:14 AM

WikiLeaks and Iranian hackers attacking Saudi Arabia shared an internet server in Moscow.

https://www.thedailybeast.com/moscow-server-hosted-wikileaks-and-irans-hackers-weeks-apart?ref=home

New research from computer security analysts dangles the possibility of a link between WikiLeaks and Iranian government hackers, by way of a server in Moscow that was used by both within a span of weeks.

The research by Virginia-based ThreatConnect involves a notorious hacking campaign that targeted more than 500 diplomats, journalists, human rights workers, scientists, and researchers, primarily in the Middle East. The hackers used spear phishing to lure targets into installing malware or entering their passwords into a fake login page.

...

The Israeli security company ClearSky detected the campaign in May 2015, and from a number of clues attributed it to the hacking organization “Rocket Kitten,” also known as “APT33,” which has been linked to the government of Iran.

ThreatConnect’s three-page report connects some tentative dots between that attack, which targeted Saudi Arabia more than any other country, and WikiLeaks’ release a few weeks later of hundreds of thousands of diplomatic cables taken from Saudi Arabia’s foreign ministry—and suggests that WikiLeaks may have worked with Rocket Kitten to engineer its own leak.

...

Two weeks after the Saudi release, WikiLeaks began growing its infrastructure and expanded its website hosting onto a rented server in Moscow.

And that’s what got ThreatConnect’s interest. The IP address of WikiLeaks’ new server in July 2015 had last been seen in May 2015 hosting the website login-users[.]com, a fake Google Drive login page used in the Rocket Kitten phishing attacks.

Under some circumstances, a single IP address can host thousands of websites in a low-cost shared hosting arrangement. But that’s not the case here. “This IP was part of a range of dedicated HostKey servers,” notes the report. “This indicates that a single actor or collective had control over the infrastructure hosted at this IP.”

That suggests to the researchers that WikiLeaks may have hosted the phishing site itself to help out Iran’s hackers, perhaps in exchange for the leaked cables, just as Assange allegedly helped Manning.

3 replies, 394 views

Replies to this discussion thread
DetlefK Apr 2019 OP
watoos Apr 2019 #1
DetlefK Apr 2019 #2
Blue_Tires Apr 2019 #3

Response to DetlefK (Original post)

Tue Apr 16, 2019, 10:25 AM

1. Is this a lead up to attacking Iran?

 



Response to watoos (Reply #1)

Tue Apr 16, 2019, 10:27 AM

2. What?

What is that supposed to mean?



Response to DetlefK (Original post)

Tue Apr 16, 2019, 10:32 AM

3. Greenwald and Snowden were unavailable for comment
