HomeRisk ManagementsIranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Iranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Published on

spot_img

Intelligence and law enforcement agencies in Australia, Canada, and the US have raised concerns about an Iran-backed cyber campaign that has been active for over a year. According to a joint advisory issued by various agencies, the hackers behind this campaign have been using brute force and other sophisticated techniques to target organizations across several critical infrastructure sectors.

The campaign, which was first detected in October 2023, has specifically focused on critical sectors such as healthcare, government, information technology, engineering, and energy. The cyber threat actors responsible for the attacks have been identified as using techniques like brute force attacks, password spraying, and multifactor authentication (MFA) push bombing to gain access to victim networks.

Prior to infiltrating targeted organizations, the hackers conducted thorough reconnaissance operations to collect crucial information about their victims. By leveraging valid user and group email accounts obtained through brute force attacks, the actors were able to gain persistent access to systems such as Microsoft 365, Azure, and Citrix.

In cases where MFA was enabled, the hackers implemented a technique known as ‘MFA fatigue’ or ‘MFA push bombing’ by bombarding users with push notifications until they either accidentally approved the request or stopped the notifications. Once inside a victim’s network, the threat actors utilized methods like Remote Desktop Protocol (RDP), Kerberos Service Principal Name (SPN), and Microsoft Active Directory to move laterally, escalate privileges, and gather credentials.

To help organizations detect and mitigate the risks posed by this campaign, the joint advisory outlined several recommendations. These included monitoring for suspicious logins with changing usernames, user agent strings, and IP address combinations, as well as looking out for unusual activity in dormant accounts and processes indicating credential dumping.

In terms of mitigation strategies, the advisory suggested reviewing password management practices, disabling access for departing staff, implementing phishing-resistant MFA, and providing cybersecurity training to users. Additionally, organizations were advised to align their password policies with the latest NIST Digital Identity Guidelines, disable the use of RC4 for Kerberos authentication, and continuously review MFA settings to ensure coverage over all active, internet-facing protocols.

The advisory, signed by prominent agencies such as the FBI, NSA, CISA, CSE, AFP, and ACSC, serves as a crucial alert to organizations operating within critical infrastructure sectors. By being vigilant and implementing the recommended detection and mitigation measures, entities can enhance their cybersecurity posture and defend against the ongoing threat posed by these Iran-backed hackers.

Source link

Latest articles

AI Introduces Human Oversight Tax for Cybersecurity

Security Teams Save Time on Tasks but Spend More Time Checking AI's Work In an...

Patch Tuesday Summary: Microsoft Addresses Record 569 Vulnerabilities; SAP Resolves Critical Memory Corruption Issue

In a recent update, Thomas Fritsch, an esteemed SAP researcher at Onapsis, highlighted critical...

U.S. Sanctions First VPN Service and Malware Cryptor Seller for Ransomware Support

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has taken significant action...

US Sanctions Target VPN Services Supporting Ransomware Gangs

U.S. Treasury Department Targets Cybercriminal Infrastructure with Sanctions In a decisive move against cybercrime, the...

More like this

AI Introduces Human Oversight Tax for Cybersecurity

Security Teams Save Time on Tasks but Spend More Time Checking AI's Work In an...

Patch Tuesday Summary: Microsoft Addresses Record 569 Vulnerabilities; SAP Resolves Critical Memory Corruption Issue

In a recent update, Thomas Fritsch, an esteemed SAP researcher at Onapsis, highlighted critical...

U.S. Sanctions First VPN Service and Malware Cryptor Seller for Ransomware Support

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has taken significant action...