HomeRisk ManagementsIranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Iranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Published on

spot_img

Intelligence and law enforcement agencies in Australia, Canada, and the US have raised concerns about an Iran-backed cyber campaign that has been active for over a year. According to a joint advisory issued by various agencies, the hackers behind this campaign have been using brute force and other sophisticated techniques to target organizations across several critical infrastructure sectors.

The campaign, which was first detected in October 2023, has specifically focused on critical sectors such as healthcare, government, information technology, engineering, and energy. The cyber threat actors responsible for the attacks have been identified as using techniques like brute force attacks, password spraying, and multifactor authentication (MFA) push bombing to gain access to victim networks.

Prior to infiltrating targeted organizations, the hackers conducted thorough reconnaissance operations to collect crucial information about their victims. By leveraging valid user and group email accounts obtained through brute force attacks, the actors were able to gain persistent access to systems such as Microsoft 365, Azure, and Citrix.

In cases where MFA was enabled, the hackers implemented a technique known as ‘MFA fatigue’ or ‘MFA push bombing’ by bombarding users with push notifications until they either accidentally approved the request or stopped the notifications. Once inside a victim’s network, the threat actors utilized methods like Remote Desktop Protocol (RDP), Kerberos Service Principal Name (SPN), and Microsoft Active Directory to move laterally, escalate privileges, and gather credentials.

To help organizations detect and mitigate the risks posed by this campaign, the joint advisory outlined several recommendations. These included monitoring for suspicious logins with changing usernames, user agent strings, and IP address combinations, as well as looking out for unusual activity in dormant accounts and processes indicating credential dumping.

In terms of mitigation strategies, the advisory suggested reviewing password management practices, disabling access for departing staff, implementing phishing-resistant MFA, and providing cybersecurity training to users. Additionally, organizations were advised to align their password policies with the latest NIST Digital Identity Guidelines, disable the use of RC4 for Kerberos authentication, and continuously review MFA settings to ensure coverage over all active, internet-facing protocols.

The advisory, signed by prominent agencies such as the FBI, NSA, CISA, CSE, AFP, and ACSC, serves as a crucial alert to organizations operating within critical infrastructure sectors. By being vigilant and implementing the recommended detection and mitigation measures, entities can enhance their cybersecurity posture and defend against the ongoing threat posed by these Iran-backed hackers.

Source link

Latest articles

ModHeader Chrome Extension Exposes 900,000 Users to Possible Browsing History Theft

Security Vulnerability Unveiled in Popular Chrome Extension ModHeader A significant security vulnerability has been identified...

Bipartisan House Bill Advocates for AI in Pediatric Cancer Care

A newly proposed bipartisan legislation in the United States aims to significantly accelerate the...

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...

Governments to Enterprises: Enhance Your Router Security Practices

Cybersecurity Vulnerabilities Rise as Actors Exploit Cisco Flaws Recent reports have highlighted a concerning trend...

More like this

ModHeader Chrome Extension Exposes 900,000 Users to Possible Browsing History Theft

Security Vulnerability Unveiled in Popular Chrome Extension ModHeader A significant security vulnerability has been identified...

Bipartisan House Bill Advocates for AI in Pediatric Cancer Care

A newly proposed bipartisan legislation in the United States aims to significantly accelerate the...

Progress Software Issues Warning About External Security Threat to ShareFile

Data Security Threat at Progress Software Underscores Vulnerabilities in File Storage Solutions The recent alarm...