
Iranian cyberespionage group uses new Hyperscrape tool to extract emails from victims’ mailboxes
2022-08-24 15:41

Google's Threat Analysis Group recently discovered a new tool named Hyperscrape which is able to steal data from mailboxes such as Gmail, Yahoo! or Microsoft Outlook.

Hyperscrape is a tool written for Windows systems in.

Once all emails have been dumped, the software sends status and system information to the C2 server and deletes any security email from Google that might have been generated by the tool's activity.

It is unclear to researchers why that functionality has disappeared in later versions of the Hyperscrape tool.

In addition to the Hyperscrape tool, PwC reported in July 2022 on another tool, used and probably developed by the threat actor, that allowed the theft of targeted Telegram accounts.

The use of the Hyperscrape tool is only possible when the attacker is already in possession of valid credentials or a valid session cookie of the targeted mailbox.


News URL

https://www.techrepublic.com/article/iranian-cyberespionage-group-extracts-emails-using-hyperscrape/