Iranian Cyber Army behind TechCrunch Europe hack?
Political hacking might give the perpetrators a sense of accomplishment and some personal satisfaction, but will rarely bring them money. Since they obviously already have the knowledge, it is very likely that these political hacktivists often misuse them to earn themselves a living through cyber crime.
In 2009, the “Iranian Cyber Army” hacked Twitter, Baidu, and several other popular websites to express their discontent over the US embargo on Iran. A month ago, TechCrunch’s European website was hacked and was redirecting the readers to a server where a vulnerability in their system was exploited in order to install malware on it.
At first glance, nobody would tie all those events to the same attackers but – as Seculert researchers seem to have discovered – the “Iranian Cyber Army” is also involved in more lucrative types of attacks.
A deeper investigation into the server used to compromise those users revealed that it was using an exploit kit to try to take advantage of various vulnerabilities in the targeted systems. The discovery of its administration panel and a statistics page further revealed a number of things:
- The administration panel sports the Iranian.firstname.lastname@example.org e-mail address – the same that was put on the defaced pages back in 2009. Also, the source code of the statistics page is “signed” with the name of the group.
- The exploit kit used seems to be one of a kind, resembling nothing that is currently being sold on online markets.
- The number of machines infected by using this particular exploit kit and server could – in theory – reach 20 millions. Even if the number is nowhere near that, it still gives them a botnet large enough to lease to other cyber crime gangs or to use it for their own nefarious purposes.