Releasing the entire cache of stolen information might result in massive doxing, Redmond further warned. “After Holy Souls posted the sample data on YouTube and multiple hacker forums, the leak was amplified by a concerted operation across several social media platforms. This amplification effort made use of a particular set of influence Tactics, Techniques, and Procedures (TTPs) DTAC has witnessed before in Iranian hack-and-leak influence operations,” stated the Windows maker’s Digital Threat Analysis Center (DTAC). The similarities in using false-flag personas to carry out their hack-and-leak operations and using sockpuppet accounts that pretend to be reliable sources correlate with an FBI advisory from October 2022. The FBI assessed the goal to “undermine public confidence in the security of the victim’s network and data, as well as embarrass victim companies and targeted countries. These hack-and-leak campaigns involve a combination of hacking/theft of data and information operations that impact victims via financial losses and reputational damage.”
https://thehackernews.com/2023/02/microsoft-iranian-nation-state-group.html
