Source, with a lot more details: <a href="https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/" rel="nofollow">https://securityintelligence.com/posts/new-research-exposes-...</a>
The methods described seem to be pretty basic. I'm surprised that copy-pasting passwords and manually connecting an email account to Zimbra would be part of a training video (and not completely automated using more sophisticated tools than Zimbra).<p>> X-Force IRIS security team obtained the 40GB cache of data as it was being uploaded to a server<p>Wut? That makes it sound like it was uploaded over an unencrypted channel.<p>Is this really the level that state-sponsored hackers are on? Unencrypted uploads, manual copy-paste of passwords and free versions of Bandicam?<p>Given the above, I wouldn't be surprised if it was intentionally leaked to make them seem like less of a threat.
So assuming this was all on private space, it's interesting that IBM has read customers' data! Or maybe these particular servers were only monitored because they are associated with hacking groups?
Thoughts on what advantage you get from knowing which tools your adversaries are using, as good targets to inject with backdoors, assuming state-actor resources?