CloudSEK’s Threat Intelligence Research team analyzed the profile of a threat actor handle that seems to be connected to a popular hacker group known as Shield Iran Security Team.
| Report Type | Threat Actor Profiling |
|---|---|
| Research Subject | Threat Actor Handle: Shield Iran Security Team |
- Posts made by the threat actor handle Amo Changiz on an English-language cybercrime forum target regions such as the UAE, Kurdistan, Nigeria, Indonesia, Israel, and Brazil.
- Further analysis revealed that the actor is part of Shield Iran Security Team, which has a total of 8 members.
Underground Profile: Shield Iran Security Team
| Threat actor handle | Amo Changiz |
|---|---|
| Hacker Group | Shield Iran Security Team |
| Registration date on the forum | 13 December 2021 |
| Contact information (based on forum activity) | Telegram.Me/ChangizAmo, Telegram.Me/TheHackings, Telegram.Me/Shield_DAtabase |
| Team members in the group | Nazila Blackhat, Iliya Norton, [email protected], Milad Hacking, Sir.4m1r - Byp4sser, HosseinKiA, Ahwaz_Hackerz, ChangizAmo |
Detailed Analysis: Shield Iran Security Team
- On 18 December 2021, a threat actor handle “Amo Changiz” posted a compromised Indonesian government database on an English-language cybercrime forum.
- The post included links that redirect to another cybercrime forum that references the Shield Iran Security Team.
- Shield Iran Security Team is an 8-member cybercrime group with a large following on various social media and communication channels. The group also runs a website that provides tutorials, rootkits, and stealers.
- The group actively dumps data belonging to entities across the world on cybercrime forums, communication channels, and its own website.
| Date | Leaked data | Region |
|---|---|---|
| 26 December 2021 | 60,000 passport records | China (possibly) |
| 26 December 2021 | Amigo.co.il | Israel |
| 24 December 2021 | Kohinoor International School database | India |
| 13 December 2021 | Passport records (released in parts) | UAE |
| 19 December 2021 | Nigeria Customs Information Portal mail server backup | Nigeria |
| 18 December 2021 | Kurdistan people database | Kurdistan |
| 18 December 2021 | Government backup database of Indonesia | Indonesia |
| 13 December 2021 | City Hall of Banzaê / City Council of Banzaê | Brazil |
- Other leaks by the hacker group have targeted crypto and e-commerce websites such as:
- They also actively post on another forum called zone-h.org, and all their posts are interlinked.
- We discovered mentions of Shield Iran Security Team, on an Iranian website, dating back to March 2020. This indicates that the group has been active for at least 2 years.
- Their stated goals include maintaining the security of Iranian sites, building malicious software, hacking, and training Iranian citizens in cybersecurity.