IBM's incident response services obtained nearly five hours of videos of the Iran-linked hacking group ITG18.
The videos included personal accounts of members of the US Navy and the Greek Navy, as well as unsuccessful phishing attempts directed against US State Department officials and an unnamed Iranian-American benefactor.
"Some videos showed the operator managing accounts he created for phishing, while others showed the operator testing access and transmitting data from previously hacked accounts," the researchers said.
"They found the videos on a private virtual cloud server, where their security settings were not well-protected," said IBM researchers. The server contents, more than 40 GB of data, also included many of the domains that ITG18 used earlier this year.
The discovered video files show that the group had access to targets' email and social media credentials obtained through spear-phishing, used that information to log into accounts, deleted suspicious-login notifications so as not to alert victims, and was able to access photos and documents from Google Drive.
In addition, the videos, captured with a screen recording tool, show that the actors behind the operation plugged the victims' credentials into the Zimbra email collaboration software in order to monitor and manage the compromised email accounts.
The researchers said they found that the attackers were using a long list of compromised usernames and passwords against at least 75 different websites, ranging from banks to video and music streaming sites to pizza delivery and baby products sites.
ITG18 also has a long history of targeting military, diplomatic and governmental personnel in the United States and the Middle East for intelligence gathering and espionage to serve Iran's geopolitical interests, the researchers say.
IBM X-Force researchers concluded that "the personal files of members of the Greek and United States navies can support espionage operations related to many of the actions that take place in the Gulf of Oman and the Persian Gulf," adding that the group "showed stability in its operations and ongoing development of new infrastructure."