HomeRisk ManagementsIranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Iranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Published on

spot_img

Intelligence and law enforcement agencies in Australia, Canada, and the US have raised concerns about an Iran-backed cyber campaign that has been active for over a year. According to a joint advisory issued by various agencies, the hackers behind this campaign have been using brute force and other sophisticated techniques to target organizations across several critical infrastructure sectors.

The campaign, which was first detected in October 2023, has specifically focused on critical sectors such as healthcare, government, information technology, engineering, and energy. The cyber threat actors responsible for the attacks have been identified as using techniques like brute force attacks, password spraying, and multifactor authentication (MFA) push bombing to gain access to victim networks.

Prior to infiltrating targeted organizations, the hackers conducted thorough reconnaissance operations to collect crucial information about their victims. By leveraging valid user and group email accounts obtained through brute force attacks, the actors were able to gain persistent access to systems such as Microsoft 365, Azure, and Citrix.

In cases where MFA was enabled, the hackers implemented a technique known as ‘MFA fatigue’ or ‘MFA push bombing’ by bombarding users with push notifications until they either accidentally approved the request or stopped the notifications. Once inside a victim’s network, the threat actors utilized methods like Remote Desktop Protocol (RDP), Kerberos Service Principal Name (SPN), and Microsoft Active Directory to move laterally, escalate privileges, and gather credentials.

To help organizations detect and mitigate the risks posed by this campaign, the joint advisory outlined several recommendations. These included monitoring for suspicious logins with changing usernames, user agent strings, and IP address combinations, as well as looking out for unusual activity in dormant accounts and processes indicating credential dumping.

In terms of mitigation strategies, the advisory suggested reviewing password management practices, disabling access for departing staff, implementing phishing-resistant MFA, and providing cybersecurity training to users. Additionally, organizations were advised to align their password policies with the latest NIST Digital Identity Guidelines, disable the use of RC4 for Kerberos authentication, and continuously review MFA settings to ensure coverage over all active, internet-facing protocols.

The advisory, signed by prominent agencies such as the FBI, NSA, CISA, CSE, AFP, and ACSC, serves as a crucial alert to organizations operating within critical infrastructure sectors. By being vigilant and implementing the recommended detection and mitigation measures, entities can enhance their cybersecurity posture and defend against the ongoing threat posed by these Iran-backed hackers.

Source link

Latest articles

Hackers Exploit Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts

Rising Phishing Threat Exploits Microsoft Authentication Flows A new phishing technique has surfaced, capitalizing on...

NCA Warns Parents About Exploitation of Shared Child Photos by AI

The National Crime Agency (NCA) has initiated a significant campaign aimed at educating parents...

Single Points of Failure Are Problematic: The SaaS Layer Is No Exception

Lessons in IT Resilience: The Inevitable Nature of Failure and the Case for Redundancy In...

AI Isn’t Bridging the Skills Gap — It’s Highlighting the Validation Gap

AI and Cybersecurity: A Growing Concern Amidst Rapid Deployment The advent of artificial intelligence (AI)...

More like this

Hackers Exploit Trusted Microsoft Domain and One-Time Codes to Hijack Corporate Accounts

Rising Phishing Threat Exploits Microsoft Authentication Flows A new phishing technique has surfaced, capitalizing on...

NCA Warns Parents About Exploitation of Shared Child Photos by AI

The National Crime Agency (NCA) has initiated a significant campaign aimed at educating parents...

Single Points of Failure Are Problematic: The SaaS Layer Is No Exception

Lessons in IT Resilience: The Inevitable Nature of Failure and the Case for Redundancy In...