Pilfered Data From Iranian Insurance and Food Delivery Firms Leaked Online

Published: 23/11/2024   Category: security




Online food ordering service and insurance firms hit by mystery hackers using the moniker irleaks.



Cybercriminals broke into the systems of 23 leading Iranian insurance firms and SnappFood, Iran's leading online food ordering service, dumping millions of user profiles.
The sample from the insurers' leak included names, phone numbers, identity numbers, addresses, passport numbers, and other sensitive details from insurance companies including Kowsar, Atieh, Asia, and Alborz.
Security researchers at Israel-based threat intel firm Hudson Rock, who discovered the data dump, confirmed that the data appears to be genuine.
After the attack on the insurance firms, the attackers — operating under the alias irleaks (presumably indicating "Iran Leaks") — boasted that they had broken into the systems of SnappFood, Iran's leading online food ordering service, and claimed to have exfiltrated 3TB of highly sensitive data.
This data is said to include 20 million user profiles (emails, passwords, phone numbers), 51 million user addresses and 600,000 credit card records.
Snappfood issued a holding statement a day later, saying that it was working with local police agencies to "identify and remove the source of pollution caused by the actions of this hacking group."
Hudson Rock researchers determined that a computer used by a Snappfood employee — most likely a software developer — was recently infected by the StealC info-stealer. Although unconfirmed as the source of the attack, the malware created a conduit through which sensitive data may have been extracted.
"The infection of this employee's computer resulted in many sensitive credentials of the organization being accessible to some hackers and may have been used as an initial attack vector against the company," Hudson Rock explained in its blog post. "Some of the data includes login details to the company's Confluence server, Jira server, and other development-related URLs."
The motives behind the twin attacks remain unclear but circumstantial evidence points towards cyber espionage rather than profit-driven cybercrime, according to Hudson Rock.
"Given the extensive involvement of leading companies in the breaches, the carefully curated samples, and that the threat actor's account is new to the forum, it seems probable that this is a state-sponsored attack intending to sow internal chaos within Iran," says Alon Gal, CTO at Hudson Rock. "However, it's also plausible that it's a sophisticated threat actor who adeptly infiltrated multiple organizations within Iran."
The most likely cause of the initial StealC infection was a software developer at Snappfood downloading a software package infected by the malware, a pattern seen in previous similar attacks. But that remains unconfirmed, and some form of spear-phishing attack or other unknown vector may well be to blame.
"The StealC-type info stealer that infected an employee at SnappFood is a probable initial attack vector that may have been used in the attack, though we can't know this for certain," Hudson Rock's Gal explained. "Threat actors often take advantage of corporate credentials that are stolen by info stealers, and in the case of this SnappFood compromised employee Hudson Rock did identify many sensitive credentials that could have been used against the organization."
StealC has featured in malware-spreading campaigns by cybercriminals looking to infect as many computers as possible. These groups (sometimes known as initial access brokers) resell any compromised credentials to often more experienced threat actors whose expertise is in identifying critical credentials and infiltrating organizations to perform ransomware attacks, cyberattacks, and account takeovers.
