
H4shur

From EverybodyWiki Bios & Wiki

h4shur
Background information
Birth name: Mohammad Jafari
Born: Unknown, Iran
Origin: Persian
Genres: hack
Occupation(s): Hacker, security researcher, programmer, author
Years active: 2013–present
Labels: h4shur

h4shur (Persian: هاشور) is the name used by Mohammad Jafari for his cyber activities on the internet. Little information is available about this person; some sources have suggested that he may be affiliated with the Iranian government or the Cyber Corps, while others have suggested that he is not. He has attacked several American, Saudi, and Chinese websites, as well as Iranian, American, Israeli, British, Saudi, and Australian[1] government websites. In addition, reports of companies such as Adobe[2][3][4][5][6][7][8][9][10][11], Chery[12], MOBOTIX[13] and Acer[14] being targeted are registered under his name. There is also evidence that university websites in Iran, China, the United States, and Saudi Arabia have been hacked. According to the available documents and evidence, this person has discovered more than 30 vulnerabilities on the internet and published them publicly. Some of these vulnerabilities[15][16][17][18][19][20][21] are present on several thousand hosts.

History and Attacks

Not much information is available about this person's past, but some claim that he has been active since 2013. According to h4shur's own evidence, he has officially joined the CB, RMX team, bax, and Persian Security Group (PSG) teams, and according to allegations he has also been secretly active in teams whose names have not yet been revealed. In 2020, the FBI and CIA-affiliated Anomali Cyber Threats Research and Development Center prepared a report on Iran's cyber activity; page 9 of the report lists active, Iranian-backed hacking teams, and the above teams are named on that list as Iranian hackers.[22]

In 2021, a number of Saudi hackers targeted Iranian sites and insulted Iranians on their deface pages. After the start of the first wave, H4shur gave a firm response. H4shur targeted the website of a Saudi petrochemical plant. The news spread widely among the Saudis.

After H4shur's response, the Saudi hackers remained silent for a while and then resumed their attacks, launching a second wave with the hacking of Iran's internet TV website. After the start of the second wave, H4shur reacted again, this time targeting the Saudi Chamber of Commerce, which led to the release of the identities of related individuals and Saudi businessmen, along with Chamber of Commerce documents. After H4shur's response, the Saudi hackers stopped their attacks.[23]

Following the incident, H4shur sent the following message to the Saudis:

"For some time now, Saudi hackers have been hacking into Iranian sites and using inappropriate words. In their first attack on the Saudi government, I published the Rako Petrochemical Database as a free gift.

At the time of the second attack by Saudi hackers, I published the database of the Saudi Chamber of Commerce and Industry as a free gift, which included information on 4,000 people.

Saudi Arabia is confident that in the event of a third attack, they will face a heavier response.

// h4shur"[24]

Following this message, Saudi hackers, along with hackers from Jordan, the UAE, Yemen, Iraq, and Israel, launched a third wave of attacks. After the third wave began, H4shur reacted again, first targeting the Saudi company "Rest night", as a result of which he released the identities of 4,000 people along with documents.[25] The third wave was larger than the first and second waves because more hackers were attacking Iranian websites. During the third wave, the alliance of Arab hackers and H4shur reacted to each other's actions. H4shur's second response in the third wave was to attack Emirati servers and release other documents.[26]

In response to the third wave of attacks, H4shur once again announced that the UAE had been hacked and that he had released more than 600 1GB files, including national cards, identity cards, passports, resumes, and other documents.[27]

In his fourth response in defense of the Iranians, H4shur this time targeted one of Israel's largest legal centers and released important personal and identity information.[28]

In his fifth response, on the official Twitter channel, H4shur announced that the UAE had been hacked and that he had republished more than 600 1 GB files, including national cards, identity cards, passports, resumes, and other documents.[29]

In his sixth response, H4shur announced the re-hacking of the UAE and released more than 450 files with a size of 500 MB, including national cards, identity cards, passports, resumes, and other documents.[30]

Following these responses, the Arab hackers stopped their attacks. News of these hackers and of H4shur's responses circulated intensely among the Arabs and reached the center of cyber incidents in the UAE.

After H4shur's responses, the Arab hackers did not attack for several weeks.

Some time later, another Arab hacker launched a fourth wave of attacks on Iranian sites, again with insults to Iranians, which again met with H4shur's response. In response to this hack, H4shur released more than 500 files with a size of 230 MB, including national cards, identity cards, passports, resumes, and other documents.[31]

After H4shur's response, there has been no attack to date, and it can be said that H4shur stood alone against the hackers of several Arab countries.

Produce Malicious Bots

Some people affiliated with this person have reported that h4shur has produced a malicious bot for the Windows operating system; according to some, the number of systems infected with this bot reaches 17,000.

Cyber Security Research

According to observations and studies, his security research has been recorded and published in Google Scholar[32], ResearchGate[33], Researcher ID[34], ORCID[35], Exploit-DB[36], CxSecurity[37], Vulnerability-Lab[38], PacketStormSecurity[39], 0day.today[40], Research-Lab[41], OpenBugBounty[42], CERT Europa[43], etc.

Adobe

In Exploit-DB[44], a specialized and important database for vulnerabilities, only two vulnerabilities have been registered to date. One was registered by the Vulnerability-Lab in 2016[45] and the other by H4shur in 2021[46].

Security Research Project on Adobe Products:

Adobe Connect 10 - Username Disclosure (Local Route Disclosure)[47]

Adobe Connect 10 Local File Disclosure[48]

Hacking Websites and Servers

According to reviews, websites and servers that have been hacked by h4shur, or compromised as a result of security and intrusion testing, have been registered and archived in zone-h, mirror-h, defacer.id, zone-d, zone-db, 1nj3ctor, and more.

Comments

Because of the scale and complexity of Iran's cyber-attacks on US universities, the weekly Newsweek called Iranian hackers the best in the world.[49] Check Point Software described one of Iran's hacker groups as a 9-man army.[50] In 2013, a Revolutionary Guards general stated that "Iran has the fourth most powerful cyber army in the world."[51] On March 7, 2018, the site TurboFuture claimed that Iran has the fifth most powerful cyber army in the world.[52]

Social Networks and Ways of Communication

According to investigations, the hacker is active on the social networks Instagram and Twitter. He also lists his communication channels on the sites and servers he hacks and where he records his research.

Ways of Communication

Scientific and Research Profiles

scholar google

Research Gate

orcid

publons / researcherID

exploit-db

cxsecurity

0day today

vulnerability-lab

packetstormsecurity

cert europa

research-labs

openbugbounty

& ...

Sources

  1. reddit. Read more.
  2. exploit-db. Read more in exploit-db.
  3. packetstormsecurity. Read more in packet storm.
  4. cxsecurity. Read more in cxsecurity.
  5. cxsecurity. Read more in cxsecurity.
  6. cybersecuritywebtest. Read more in cybersecuritywebtest.
  7. GEN. Read more in GEN.
  8. torchsec. Read more in torchsec.
  9. pavannews. Read more in pavannews.
  10. medium. Read more.
  11. medium. Read more.
  12. http://www.zone-h.org/mirror/id/34146923 archived in zone-h.
  13. MOBOTIX history 2020-05-05
  14. acer. Read more.
  15. cxsecurity. Read more.
  16. exploit-db. Read more.
  17. 0day.today. Read more.
  18. vulnerability-lab. Read more.
  19. packetstormsecurity. Read more.
  20. medium. Read more.
  21. cert europa. Read more in cert europa.
  22. report, Published on December 15, 2009.
  23. The number one news of Saudi hacking
  24. h4shur alert tweet
  25. The number two news of Saudi hacking
  26. UAE hack by Iranian operators
  27. Part 3&4 ;Documents of the people of the United Arab Emirates – H4shur
  28. ysl-law.com, one of Israel’s largest law firms, was hacked – #H4shur
  29. Documents of the people of the United Arab Emirates – Passports
  30. H4shur Releases UAE Info – هاشور
  31. Documents of UAE hacked 230MB
  32. google scholar profile
  33. research gate profile
  34. researcher ID
  35. ORCID
  36. exploit-db profile
  37. cxsecurity profile
  38. vulnerability-lab profile
  39. packetstormsecurity profile
  40. 0day.today
  41. research-labs.
  42. openbugbounty profile
  43. cert europa
  44. Exploit-DB website
  45. Vulnerability discovered by Vulnerability-Lab
  46. Vulnerability discovered by H4shur
  47. Adobe Connect 10 -Username Disclosure (Local Route Disclosure)
  48. adobe connect 10 Local File Disclosure
  49. The world's best hackers: Why Iran is a bigger threat to the U.S. than Russia, China or North Korea, 2018-03-23. Retrieved 2018-08-01.
  50. ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES (PDF). Check Point Software Technologies. 9 November 2015.
  51. Israeli Think Tank Acknowledges Iran as Major Cyber Power, Iran Claims its 4th Biggest Cyber Army in World, Hack Read. October 18, 2013. Retrieved March 18, 2015.
  52. Most Powerful (Known) Active Hacking Groups, read more.