Operation Saffron Rose : AJAX

haman10



I've previously made threads about the Iranian cyber army, their operations and their power.

but now is the time for nationalist private hacking groups to rise up:

AJAX security team is one of them, with its latest OP: Saffron Rose.

the operation succeeded in exploiting 2000 IDs of VIP American politicians, military companies, banks.

the hacking group is believed to consist of 5-10 hackers with "HUrr!c4nE!" and "Cair3x" as their leaders.

FireEye published a report titled “Operation Saffron Rose” to document the activities of the Iranian hacking group named Ajax Security Team


According to a recent report titled “Operation Saffron Rose” published by cybersecurity company FireEye, a group called the Ajax Security Team is the principal Iranian hacking group, it is responsible for different espionage campaigns on custom-built malicious software.

“This group, which has its roots in popular Iranian hacker forums such as Ashiyane and Shabgard, has engaged in website defacements since 2010. However, by 2014, this group had transitioned to malware-based espionage, using a methodology consistent with other advanced persistent threats in this region.

It is unclear if the Ajax Security Team operates in isolation or if they are a part of a larger coordinated effort. We have observed this group leverage varied social engineering tactics as a means to lure their targets into infecting themselves with malware.” states the FireEye Blog post.

The Iranian hacking groups are considered by the US a very aggressive threat, they conducted numerous cyber attacks, sabotage and cyber espionage are their principal activities according to experts at FireEye.

In one of the recent attacks, the hackers of the Ajax Security Team infected computers of U.S. with spear phishing attacks, the malicious links to an infected bogus website (aeroconf2014.org) were sent by the attackers via email or social media messages.



According to FireEye the Ajax Security Team has deployed a malware, dubbed “Stealer”, which has the classic features of spyware software, it is able to syphon data, record keystrokes and grab screen shots.

Once collected, the information is encrypted and temporarily stored on the victim’s machine, later it is sent by Stealer to the C&C server.

The firm has discovered that, ever since Stuxnet, Iran-based hacking groups are growing in sophistication and evolving into full-blown advanced persistent threat (APT) actors.

The Ajax Security Team is at issue here, a group that began life performing hacktivist-style website defacements before 2010. But as of 2014, it has transitioned to stealthy, malware-based espionage activity. Evidence in FireEye's report suggests that Ajax’s methodologies became more consistent with other APT actors in the Iranian region following cyber events against Iran in the late 2000s.

“There is an evolution underway within Iranian-based hacker groups that coincides with Iran’s efforts at controlling political dissent and expanding its offensive cyber capabilities,” said Nart Villeneuve, senior threat intelligence researcher at FireEye, in a statement. “We have witnessed not just growing activity on the part of Iranian-based threat actors but also a transition to cyber-espionage tactics. We no longer see these actors conducting attacks to simply spread their message, instead choosing to conduct detailed reconnaissance and control targets’ machines for longer-term initiatives.”

The targets of Operation Saffron Rose include Iranian dissidents and US defense organizations. And, FireEye Research Labs said that it has recently observed the Ajax Security Team conducting multiple cyber-espionage operations against companies in the defense industrial base (DIB) within the US, as well as targeting local Iranian users of Proxifier or Psiphon, which are anti-censorship technologies that bypass Iran’s Internet filtering system. The firm uncovered that Ajax has become the first Iranian hacking group known to use custom-built malicious software to launch espionage campaigns.

========================================

previously a 22yr old Iranian hacker hacked the bejesus outta a very famous US cyber security company, "COMODO"

i'm sure many of u have its "firewall" installed on your computer :lol:

Free Antivirus | Internet Security and SSL Certificate from Comodo


Comodo confirms it was attacked by an iranian national :

612524_789.jpg


the teenage iranian then explained how he hacked their servers and why :

612453_325.jpg


667122_261.jpg



this is the constant response from Iranians to the stuxnet, and according to the security firms, not only have they not slowed down but also increased significantly in sophistication and scale.

that's what u get i suppose :lol:
 
.
I don't support what he does at all but I gotta admit, indeed a very interesting article.
 
.
To Hack, or not to Hack, that is the question,
Whether 'tis Nobler in the mind to suffer,
The Slings and Arrows of outrageous Fortune,
Or to take Arms against a Sea of troubles,
 
.
I don't support what he does at all but I gotta admit, indeed a very interesting article.
well, in his own way, he is trying to stand up for his country

why don't u support him? he didn't hack any non-governmental organization or sth.

Comodo is a military contractor

To Hack, or not to Hack, that is the question,
Whether 'tis Nobler in the mind to suffer,
The Slings and Arrows of outrageous Fortune,
Or to take Arms against a Sea of troubles,
to die, to sleep
no more; and by a sleep, to say we end
the heart-ache, and the thousand natural shocks
that Flesh is heir to? 'tis a consummation
devoutly to be wished.
 
.
well, in his own way, he is trying to stand up for his country

why don't u support him? he didn't hack any non-governmental organization or sth.

Comodo is a military contractor


to die, to sleep
no more; and by a sleep, to say we end
the heart-ache, and the thousand natural shocks
that Flesh is heir to? 'tis a consummation
devoutly to be wished.

The problem is with his way and what he actually does. What the USA's NSA and IRGC's Iranian Cyber Army are doing are government approved cyber warfare operations. But what this guy is doing is simply "professional hacking", which is a crime itself. An international cyber criminal, it doesn't require not targeting NGOs to have that title. Be it anything targetable, it makes him a criminal. Maybe he is doing that to raise his voice against what he thinks is wrong. But it's an unjustifiable act no matter what.

PMC? How come he is a PMC man. As he said, he's a 21 yo guy with computer skills.
 
.
