HomeRisk ManagementsIranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Iranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Published on

spot_img

Intelligence and law enforcement agencies in Australia, Canada, and the US have raised concerns about an Iran-backed cyber campaign that has been active for over a year. According to a joint advisory issued by various agencies, the hackers behind this campaign have been using brute force and other sophisticated techniques to target organizations across several critical infrastructure sectors.

The campaign, which was first detected in October 2023, has specifically focused on critical sectors such as healthcare, government, information technology, engineering, and energy. The cyber threat actors responsible for the attacks have been identified as using techniques like brute force attacks, password spraying, and multifactor authentication (MFA) push bombing to gain access to victim networks.

Prior to infiltrating targeted organizations, the hackers conducted thorough reconnaissance operations to collect crucial information about their victims. By leveraging valid user and group email accounts obtained through brute force attacks, the actors were able to gain persistent access to systems such as Microsoft 365, Azure, and Citrix.

In cases where MFA was enabled, the hackers implemented a technique known as ‘MFA fatigue’ or ‘MFA push bombing’ by bombarding users with push notifications until they either accidentally approved the request or stopped the notifications. Once inside a victim’s network, the threat actors utilized methods like Remote Desktop Protocol (RDP), Kerberos Service Principal Name (SPN), and Microsoft Active Directory to move laterally, escalate privileges, and gather credentials.

To help organizations detect and mitigate the risks posed by this campaign, the joint advisory outlined several recommendations. These included monitoring for suspicious logins with changing usernames, user agent strings, and IP address combinations, as well as looking out for unusual activity in dormant accounts and processes indicating credential dumping.

In terms of mitigation strategies, the advisory suggested reviewing password management practices, disabling access for departing staff, implementing phishing-resistant MFA, and providing cybersecurity training to users. Additionally, organizations were advised to align their password policies with the latest NIST Digital Identity Guidelines, disable the use of RC4 for Kerberos authentication, and continuously review MFA settings to ensure coverage over all active, internet-facing protocols.

The advisory, signed by prominent agencies such as the FBI, NSA, CISA, CSE, AFP, and ACSC, serves as a crucial alert to organizations operating within critical infrastructure sectors. By being vigilant and implementing the recommended detection and mitigation measures, entities can enhance their cybersecurity posture and defend against the ongoing threat posed by these Iran-backed hackers.

Source link

Latest articles

How Agentic AI Reshapes the Modern SOC

The Evolution of Cybersecurity: Embracing Agentic AI in Security Operations Centers In the ever-changing landscape...

Non-Interactive SSH Attacks Surge Post-Login

A recent study utilizing eleven SSH honeypots has illuminated critical insights into the nature...

New Avalon Malware Framework Enhances CrownX Ransomware Features

Cybersecurity researchers have uncovered a previously unknown modular malware framework known as Avalon, which...

Fake Google and Cloudflare Verification Pages Distributing StealC, HijackLoader, and NetSupport Malware

Increased Exploitation of ClickFix Social Engineering Campaigns: A Rising Threat Threat actors are currently leveraging...

More like this

How Agentic AI Reshapes the Modern SOC

The Evolution of Cybersecurity: Embracing Agentic AI in Security Operations Centers In the ever-changing landscape...

Non-Interactive SSH Attacks Surge Post-Login

A recent study utilizing eleven SSH honeypots has illuminated critical insights into the nature...

New Avalon Malware Framework Enhances CrownX Ransomware Features

Cybersecurity researchers have uncovered a previously unknown modular malware framework known as Avalon, which...