DETAILS/ What technique did Iranian hackers use to steal data from the state system

Top Channel has secured the file of five people accused of abuse of office, after the cyber attack from Iran.

According to the journalist's sources, Anila Hoxha, they used the same cyber technique, as in the Saudi Arabian attack that occurred in June 2021.

According to the file, a cyber tool created by the Iranian Ministry of Intelligence was used to hack and receive data in e-mails.

"Based on reports on the investigation, it is established that the cyber attack is a state attack sponsored by the Iranian government, mainly the Ministry of Intelligence and the Iranian Islamic Revolutionary Guard Corps. In the following, the attribution report of Microsoft MSTIC and Microsoft DART also matches the report conducted in parallel by the Partner Investigation Agency. Although Proxy technology was used to cover the origin of the communication, at all times that this communication was temporarily disconnected, it became clear that Iranian IPs were hidden behind it. To obtain data from the exchange infrastructure, a cyber tool created by the Iranian Ministry of Intelligence was used to hack and exfiltrate e-mails. Iran is the only country in the world that has the cyber field at the ministry level, precisely to show the importance of cyber activity for them. The same tool for exfiltrating official e-mails in Albania was also used in the United Emirates, Kuwait, Saudi Arabia, Israel, Cyprus. The method used by Zerocleare is also linked to the Iranian Ministry of Intelligence, where the source of the licenses is shared among various Iranian actors. The GoXml file is used for data encryption, signed with a certificate issued by Cert Iranian. The same technique was also used in the attack on Saudi Arabia in June 2021", it is written in the file./ TCH The method used by Zerocleare is also linked to the Iranian Ministry of Intelligence, where the source of the licenses is shared among various Iranian actors. The GoXml file is used for data encryption, signed with a certificate issued by Cert Iranian. The same technique was also used in the attack on Saudi Arabia in June 2021", it is written in the file./ TCH The method used by Zerocleare is also linked to the Iranian Ministry of Intelligence, where the source of the licenses is shared among various Iranian actors. The GoXml file is used for data encryption, signed with a certificate issued by Cert Iranian. The same technique was also used in the attack on Saudi Arabia in June 2021", it is written in the file./ TCH