A mysterious group of hackers have revealed details about the inner workings of a well-known Iranian cyber-espionage group recognized mostly in the security community as APT34.
Knowledge of APT34’s activities came to the fore some two years ago when U.S.-based cyber researchers began tracking hacks emanating from Iran. According to the best estimates, APT34 has been active since at least 2014.
Using the online name Lab Dookhtegan, the vigilante hackers used a Telegram channel to dump information about APT34’s infrastructure, hacking tools, members, as well as the group’s targets.
Details of the information revealed are still under speculation. Reportedly, the data is under review by prominent cyber firms from the private sector such as Alphabet’s Chronicle. The exact nature of the information leak aside, the very fact that APT34 was successfully hacked is important for more big-picture reasons.
For one, APT34 is an arm of the Iranian government, not just some punks in a garage in Tehran. The fact that the group could be penetrated undermines the regime’s data security, and could also lead to some telling revelations about the regime’s tradecraft on espionage. This would be an important win for Iran’s adversaries, considering the rise in threat of the regime’s hackers targeting Western infrastructure over the past year.
As for the identity of the so-called Lab Dookhtegan group that breached APT34, experts are still guessing. One theory is that behind the leak are opponents of the Iranian regime, perhaps Iranian oppostion movements in exile, of which there are a few.