‘Disgruntled Insider’ or Shadow Brokers? Someone’s Doxing Hacking Group ‘OilRig’
For nearly a month, an unknown party has been leaking key tools used by the hacker group APT34, or OilRig, onto the internet, along with the personal information of some of the group’s top management. Is it a “disgruntled insider,” or is this another Shadow Brokers-type attack, like the one the US National Security Agency experienced in 2016?
In August 2016, an entity calling itself the Shadow Brokers stole some of the NSA's best hacking tools and sold them on the internet. Now, however, the hacking group OilRig, a group long purported to be part of the Iranian Ministry of Intelligence, is under attack, but this time the hackers are dumping folks' identities, too — and they're doing it for free.
"We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran's neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks," reads a message posted to the Telegram channel Read My Lips by the hackers on March 25. "We hope that other Iranian citizens will act for exposing this regime's real ugly face!"