Iran hacks of Georgian Hotels Lab Dookhtegan

We are exposing here one of the most shameless activities by “Ansar Group”, hacking and security team: disgusting activity against our own compatriots even outside of Iran! Iranian tourists travel to Georgia a lot since it is close, there are a lot of Persian concerts and it is very cheap. The Ansar Group hacks the hotels in this country, follows our compatriots and steals their personal information for its own purposes. We are exposing here 4 slides from Ansar Group’s own presentation and their report about this cyber attack, the methods these bastards have used for hacking and gathering information about our compatriots. This way, Iranian citizens are not safe against this mother-fucker regime even when they are outside the country. You, mother-fucker, Ansar Group’s members! Have you thought how exposing your personal information will take you down to hell?! “Lab Dookhtegan” (“Read My Lips”) will definitely take this sweet revenge!
Follow us… lots of exposures are coming up…

DOCUMENT FROM THE ANSAR GROUP

Report’s Date: 13/07/19

  • The project of accessing hotels in Georgia:

  • A list of best hotels in Georgia was prepared.

  • A list of the hotels chosen by the Iranian tourists was prepared.

  • A list of the best and most popular hotels in Georgia according to the bookings of Iranians was prepared.

  • The websites of those hotels were tested for infiltration. (Obviously, the room reservations for most of them are made through different booking websites.)

  • Most of the hotels in Georgia are using 2 booking sites, BOOKING.COM and AGONDA, which we cannot infiltrate.

  • Afterwards, we proceeded with the social engineering in different ways:

  • Corresponding with the hotel reception for making a reservation in order to contaminate them by sending them contaminated documents.

  • In some cases, we succeeded in contaminating the hotel systems.

  • In some other cases, the receptionists said that they could not receive files (they were instructed).

  • In most cases, they downloaded our contaminated files, and in some cases, the anti-virus of the victim identified our contaminated files.

  • Correspondence and conversation with one of the BOOKING websites for signing a contract.

  • First, we corresponded with the booking website for signing a contract.

  • Then we spoke with one of their salespeople.

  • Then, the salesperson presented their panel to us online for half an hour.

  • Then we liked it and they sent us the contract.

  • We filled the contract and signed it.

  • But since the contamination took several weeks, we could not do the job.

  • Planning the program and the phishing page of the site BOOKING.COM

  • After checking several hotels, we found out that many of the hotels use BOOKING.COM

  • We checked the site BOOKING.COM and we found out that it does not have Windows software.

  • We planned a Windows software

  • We bought a URL similar to it, but Namecheap blocked it since it was too similar to the main URL.

  • Now we are working on getting a new URL that is similar to booking.com from another place so we can continue the work.

We are exposing here the cyber-attack plan of “Ansar Group”, hacking and security team. This plan shows how extensive and deep these cyber-attacks by this mercenary regime are and the threats that it poses to the stability in the region. The targets for these cyber-attacks include telecommunication, economy, transportation, security-defense-military, education, culture, health, food, Hajj, etc.
Follow us… We have a lot more exposures for you…