IBM’s X-FORCE IRIS recently found out details about Iranian threat group ITG18, which has connections with state sponsored Hackers group Phosphorus and Charming Kitten. The research done by X-FORCE IRIS states that the devices which hosted domains by the hackers themselves, was open by mistake for up to 72 hours. This incident happened due to some wrong configurations done by the group.
About 40 GB worth of videos and other files related to their previous operations were found by the research team. Some videos uncovered by the IBM X-FORCE research team on their servers consisted of recorded successful attacks against U.S. Navy and Naval force of Greece.
The research team pointed many weakness in the configurations done on the accounts and servers of the group, like many accounts were not protected by multi factor authentication. The IBM X-FORCE researchers found videos which appeared to be used for training worth 5 hours recorded by their other group members. Videos consisted of methods to exfiltrate data like online data, images and files on cloud storage related to the targeted accounts.
read more here: link