The Ajax Security Team has initiated multiple attacks which have been reported in the ‘Operation Saffron Rose’ FireEye report. The AST is an Iran-based hacking group which is capable of carrying out advanced persistent threat attacks. Until now, the world claimed that Iran had no cyber technologies, but it seems that these claims are being reconsidered, as Iran has trained a massive army of hackers.
One of the main sites from which these hackers get their information is the Ashiyane forum, which acts as a communication portal between the hackers and the government of Iran.
On the Ashiyane forum you will find a lot of instructions on how to hack specific environments.
The RedSocks security company in the Netherlands published multiple samples of the malware which were used in the Operation Saffron Rose attacks.
Take a look at the samples here:
Operation Saffron Rose sample 1
Operation Saffron Rose sample 2
Operation Saffron Rose sample 3
Operation Saffron Rose sample 4
Operation Saffron Rose sample 5
The Operation Saffron Rose malware is now detected by most antivirus solutions. The malware installs itself at Windows startup, and the binary contains encrypted and compressed data.