CloudSEK’s Threat Intelligence Research team analyzed the profile of a threat actor handle that seems to be connected to a popular hacker group known as Shield Iran Security Team.
Updated on: April 19, 2023
Published on: January 12, 2022
Posts made by the threat actor handle Amo Changiz on an English-language cybercrime forum target regions such as UAE, Kurdistan, Nigeria, Indonesia, Israel, and Brazil.
Further analysis revealed that the actor is part of Shield Iran Security Team, which has a total of 8 members.
On 18 December 2021, the threat actor handle “Amo Changiz” posted a compromised Indonesian government database on an English-language cybercrime forum.
The post included links that redirect to another cybercrime forum that references the Shield Iran Security Team.
Shield Iran Security Team is an 8-member cybercrime group that has a huge following on various social media and communication channels. They also have a website that provides tutorials, rootkits, and stealers.
The group is actively involved in dumping data belonging to entities across the world on cybercrime forums, communication channels, and their website.
| Date | Target | Target Region |
|---|---|---|
| 26 December 2021 | 60,000 passport records | China (Possibly) |
| 26 December 2021 | Amigo.co.il | Israel |
| 24 December 2021 | Kohinoor International School Database | India |
| 13 December 2021 | Passport records (Released in parts) | UAE |
| 19 December 2021 | Nigeria Customs Information Portal Mail Server Backup | Nigeria |
| 18 December 2021 | Kurdistan People Database | Kurdistan |
| 18 December 2021 | Government Backup database of Indonesia | Indonesia |
| 13 December 2021 | City Hall of Banzaê City Council of Banzaê | Brazil |
Other leaks by the hacker group have targeted crypto and e-commerce websites such as:
atacado.shop
cryptofairplay.com
playyourbet.com
They also actively post on another forum called zone-h.org, and all their posts are interlinked.
We discovered mentions of Shield Iran Security Team on an Iranian website dating back to March 2020. This indicates that the group has been active for at least 2 years.
Their goals include maintaining the security of Iranian sites, building malicious software, hacking and training Iranian citizens on cybersecurity.