Wired
NEARLY THREE YEARS after the mysterious group called the Shadow Brokers began disemboweling the NSA’s hackers and leaking their hacking tools onto the open web, Iran’s hackers are getting their own taste of that unnerving experience. For the last month, a mystery person or group has been targeting a top Iranian hacker team, dumping their secret data, tools, and even identities onto a public Telegram channel—and the leak shows no signs of stopping.
Since March 25, a Telegram channel called Read My Lips or Lab Dookhtegan—which translates from Farsi as “sewn lips”—has been systematically spilling the secrets of a hacker group known as APT34 or OilRig, which researchers have long believed to be working in service of the Iranian government. So far, the leaker or leakers have published a collection of the hackers’ tools, evidence of their intrusion points for 66 victim organizations across the world, the IP addresses of servers used by Iranian intelligence, and even the identities and photographs of alleged hackers working with the OilRig group.