Home » News » Google Reveals Iranian Government Backed Tool In Espionage

Google Reveals Iranian Government Backed Tool In Espionage

(Image Credit Google)
 A tool used by Charming Kitten, an Iranian government-backed hacker, was discovered by Google. Charming Kitten is a Iranian government cyberwarfare group that has added a new tool to its malware which retrieves data from Gmail, Microsoft Outlook, and Yahoo accounts. According to TAG, the software is supposed to have been used against 24 accounts with a sample that is the oldest, dating back to 2020 which was discovered in December 2021. Charming Kitten is a APT (Advanced Persistent Threat) which is supposed to be connected to the Islamic Revolutionary Guard Corps and is involved in spying at the behest of the government. Labeled as Cobalt Illusion, APT35, ITG18, TA453, Yellow Garuda, and Phosphorous, have carried out malicious attacks suggestive that their motive is money and spying. A Google TAG researcher Ajax Bash said."HYPERSCRAPE requires the victim's account credentials to run using a valid, authenticated user session the attacker has hijacked, or credentials the attacker has already acquired.” HYPERSCRAPE comes with functions to download and export the data from the victims emails. The tool is written in .NET which is made to run on the attacker's Windows machine and is capable of deleting warning emails sent by Google to the mail recipients of suspicious activity. The tool opens and downloads the unread email as .eml file and again marks it as unread. The HYPERSCRAPE in its earlier versions had an option to request data from Google Takeout. In this feature, the user could download data to the file that is downloadable and archived. Bash said the accounts that were affected have been secured and the victims were notified. He added, "Like much of their tooling, HYPERSCRAPE is not notable for its technical sophistication, but rather its effectiveness in accomplishing Charming Kitten's objectives," They discovered a C++ Telegram grabber tool by PwC which is used against locals to gain access to the contacts from some accounts and Telegram data. LittleLooter, a custom android surveillanceware was installed by the group earlier. This tool was used to gather sensitive information which is stored in the compromised devices and could be used in recording audio and video and to make calls.

By Raulf Hernes

If you ask me raulf means ALL ABOUT TECH!!


In the ever-changing world of technology and retai...


In a bid to capture the attention of users and dri...


Apple is preparing for a game-changing move with i...


Google has been making huge headways in artificial...


Elon Musk's artificial intelligence firm, xAI, is ...


In a digital showdown that has captured the attent...