HomeRisk ManagementsIranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Iranian Hackers Target Critical National Infrastructure with Brute Force Attacks

Published on

spot_img

Intelligence and law enforcement agencies in Australia, Canada, and the US have raised concerns about an Iran-backed cyber campaign that has been active for over a year. According to a joint advisory issued by various agencies, the hackers behind this campaign have been using brute force and other sophisticated techniques to target organizations across several critical infrastructure sectors.

The campaign, which was first detected in October 2023, has specifically focused on critical sectors such as healthcare, government, information technology, engineering, and energy. The cyber threat actors responsible for the attacks have been identified as using techniques like brute force attacks, password spraying, and multifactor authentication (MFA) push bombing to gain access to victim networks.

Prior to infiltrating targeted organizations, the hackers conducted thorough reconnaissance operations to collect crucial information about their victims. By leveraging valid user and group email accounts obtained through brute force attacks, the actors were able to gain persistent access to systems such as Microsoft 365, Azure, and Citrix.

In cases where MFA was enabled, the hackers implemented a technique known as ‘MFA fatigue’ or ‘MFA push bombing’ by bombarding users with push notifications until they either accidentally approved the request or stopped the notifications. Once inside a victim’s network, the threat actors utilized methods like Remote Desktop Protocol (RDP), Kerberos Service Principal Name (SPN), and Microsoft Active Directory to move laterally, escalate privileges, and gather credentials.

To help organizations detect and mitigate the risks posed by this campaign, the joint advisory outlined several recommendations. These included monitoring for suspicious logins with changing usernames, user agent strings, and IP address combinations, as well as looking out for unusual activity in dormant accounts and processes indicating credential dumping.

In terms of mitigation strategies, the advisory suggested reviewing password management practices, disabling access for departing staff, implementing phishing-resistant MFA, and providing cybersecurity training to users. Additionally, organizations were advised to align their password policies with the latest NIST Digital Identity Guidelines, disable the use of RC4 for Kerberos authentication, and continuously review MFA settings to ensure coverage over all active, internet-facing protocols.

The advisory, signed by prominent agencies such as the FBI, NSA, CISA, CSE, AFP, and ACSC, serves as a crucial alert to organizations operating within critical infrastructure sectors. By being vigilant and implementing the recommended detection and mitigation measures, entities can enhance their cybersecurity posture and defend against the ongoing threat posed by these Iran-backed hackers.

Source link

Latest articles

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...

Dell BIOS Flaw Allows Attackers to Extract Plaintext Passwords Without Brute Force

Critical Dell BIOS Vulnerability Exposed: An Urgent Security Concern A recently surfaced vulnerability in Dell's...

KDDI Data Breach Exposes Personal Information of 12 Million Individuals

Significant Data Breach at KDDI Affects 12 Million Users in Japan In a troubling development,...

Zimbra Issues Security Update for Stored XSS Vulnerability in Classic Web Client

Zimbra Addresses Stored XSS Vulnerability with Daffodil v10.1.19 Update Zimbra, a prominent provider of collaboration...

More like this

UNK MassTraction Aims for Partnerships with US and Canadian Universities

Targeted Cyber Attacks on U.S. and Canadian Universities: The Threat of UNK_MassTraction A newly identified...

Dell BIOS Flaw Allows Attackers to Extract Plaintext Passwords Without Brute Force

Critical Dell BIOS Vulnerability Exposed: An Urgent Security Concern A recently surfaced vulnerability in Dell's...

KDDI Data Breach Exposes Personal Information of 12 Million Individuals

Significant Data Breach at KDDI Affects 12 Million Users in Japan In a troubling development,...