Posted on May 19, 2018 at 3:53 PM
A vigilante hacker recently stole data belonging to a hacking group called ZooPark. The group is allegedly connected to the Iranian government. Upon receiving $1,000 payment, the hacker decided to publish the data online.
Vigilante hacker hits cyberespionage group
According to recent reports, an unknown hacker has managed to infiltrate systems belonging to the cyberespionage group which is supposedly linked to the government. Researchers claim that the stolen data included phone calls, texts, as well as GPS locations which the group took from their alleged victims. Upon obtaining the data in question, the vigilante hacker decided to publish it publically.
It would seem that even the hackers working for the government itself are not untouchable, and will have to face consequences for their actions. Especially when those actions are publically displayed for everyone to download and see.
The hacker who stole the data has announced on Monday that they will publish the data on a public domain within 48 hours. The hacker requested that someone pays $1,000 worth of Bitcoin (BTC) in order to publish the data, and they apparently got their wish. The released files are seemingly legitimate, as they are in line with previously obtained information.
According to researchers, the published files came from a server owned by the ZooPark group. This is a hacking unit revealed earlier this month by researchers from Kaspersky. The link to ZooPark was confirmed after comparing the stolen materials with Kaspersky researchers’ reports.
The report claims that the hacking group has targeted victims in various countries, including Morocco, Egypt, Iran, Jordan, and Lebanon. These results are confirmed by the GPS locations of the victims that came from the stolen files.
According to the vigilante, ZooPark might be a group based in Iran, which is something that researchers managed to conclude on their own as well. Unfortunately, Kaspersky did not manage to connect ZooPark to any other known hacking group so far.
ZooPark’s attack method
ZooPark managed to target its victims via Android malware. To install the malware on users’ devices, they sometimes tricked them into installing fake apps. Another method that they used was infecting users with malware via malicious websites.
Thanks to this anonymous hacker, the data is now completely accessible by anyone. This includes any nation, security researchers, as well as the group’s very targets. Anyone can see what was obtained via malicious attacks, which is not something which usually happens in these situations. More often than not, the data would be sold on Dark Web or would be kept by various intelligence agencies that made a deal with the hackers responsible for the theft.
Exposing the data like that might reveal various information, such as the identity of terrorists or other legitimate targets. Unfortunately, this will also expose privacy of regular users who were perhaps randomly targeted. The data suggests that at least one of the devices that the hackers have targeted may have a connection to the Islamic State website. It is currently unknown why the website was visited, but there is definitive proof that the user of the device at the very least went there.