#ParsedReport #CompletenessLow
23-09-2024
Hikki-Chan: Unmasking a Fraudulent Hacker and The Iranian Connection.
https://www.codeaintel.com/p/hikki-chan-unmasking-a-fraudulent
Report completeness: Low
Actors/Campaigns:
Hikki-chan (motivation: disinformation, propaganda)
Black_shadow
Irgc (motivation: disinformation, propaganda)
Charming_kitten
Oilrig (motivation: disinformation, propaganda)
Muddywater (motivation: disinformation, propaganda)
Threats:
Pay2key
Victims:
Vk, Kavim, Israeli police, Aharai, Israeli companies, Shirbit, Israeli banks
Industry:
Military, Government, Financial, Transport
Geo:
Iran, Israel, Israeli, Russian, Iranian
The paper's main subject is the emergence of a suspicious figure on hacker forums called “Hikki-Chan”, who is considered more of a fraud than a real hacker. The paper discusses instances of Hikki-Chan falsely claiming responsibility for hacking attacks, recycling old data to make it look legitimate, and potentially being linked to state-sponsored entities like the IRGC. It also examines how Iranian-linked groups engage in disinformation campaigns to manipulate public perception and undermine Israeli cybersecurity measures.
---
CodeAIntel is a paper by Tom Mulkey, head of cyber research at Rakia.ai, that explores the convergence of artificial intelligence, cybersecurity, and intelligence gathering. It discusses the emergence of new threat actors, including a figure called “Hikki-Chan” who has gained attention on hacker forums. However, further analysis suggests that Hikki-Chan may be a scammer exploiting geopolitical tensions rather than a genuine hacker.
Hikki-Chan’s reputation is largely based on what she claims is a data leak from the Russian social media site VKontakte (VK). Closer inspection reveals that the leaked data is publicly available information, not the result of an actual hack. This is in line with a common tactic by scammers to present their collected data as exclusive, stolen information in order to gain credibility in hacker communities.
One of Hikki-Chan’s bold claims concerns the hack of the Israeli public transportation company Kavim. However, as Bleeping Computer reports, this attack was actually carried out by the IRGC-affiliated group Black Shadow in 2021. By falsely claiming responsibility for a well-known attack, Hikki-Chan further casts doubt on her credibility.
Another major claim by Hikki-Chan concerns the hack of an Israeli police database. However, analysis shows that the data provided is from a youth organization called Aharai, not law enforcement. Moreover, this dataset was previously seen on hacker forums in 2023, before Hikki-Chan emerged, indicating a practice of recycling old data instead of conducting legitimate hacking activities.
Iranian state-sponsored APT groups such as Charming Kitten (APT35) and OilRig (APT34) have been observed engaging in disinformation campaigns involving the publication of supposedly leaked Israeli databases. These operations are aimed at attracting media attention, conducting psychological operations, and damaging Israel’s reputation and its perceived security posture.
Several examples have been cited of Iranian-linked groups publishing fake or outdated Israeli databases in order to sow confusion and undermine trust in Israel’s cybersecurity measures. These actions are aimed at manipulating and shaping public perception rather than at the immediate consequences of a data breach.
Hikki-Chan’s profile is based on available information indicating an increase in reputation scores on forums during periods of heightened geopolitical tensions. While the exact motives are unclear, such behavior suggests possible involvement with state-sponsored entities such as the IRGC, with the aim of conducting psychological operations that portray Israeli cyber defenses as vulnerable.
