Iran Probe

US, UK, and Australian Agencies Issue Joint Cybersecurity Advisory on Iranian APT Groups Targeting Critical Infrastructure

November 26, 2021

The US, UK, and Australian agencies issued a joint cybersecurity alert over Iranian APT actors exploiting Fortinet and Microsoft Exchange ProxyShell vulnerabilities to compromise critical infrastructure entities.

Post exploitation, the Iranian government-sponsored APT actors exfiltrated data and deployed ransomware to extort the victims.

The agencies observed Iranian APT groups scanning for the Microsoft Exchange ProxyShell vulnerability since October 2021, while they had actively exploited Fortinet vulnerabilities since March 2021.

Iranian APT groups target known vulnerabilities instead of specific industries

The joint advisory noted that Iranian APT groups actively targeted critical infrastructure in healthcare, transportation, and the public sector, as well as Australian organizations.

However, they focus on known high-impact Exchange Server and Fortinet FortiOS vulnerabilities rather than on specific industries.

According to the advisory, the Iranian APT groups leveraged Microsoft Exchange Server Remote Code Execution (RCE) Vulnerability CVE-2021-34473 (CVSS 9.8) to gain access. They also leveraged Fortinet FortiOS improper authentication vulnerability in SSL VPN CVE-2020-12812 (CVSS 9.8), FortiOS default configuration vulnerability CVE-2019-5591 (CVSS 6.5), and FortiOS Path Traversal vulnerability CVE-2018-13379 (CVSS 9.8).

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) observed Iranian APT groups scanning devices on ports 4443, 8443, and 10443 for FortiOS vulnerabilities.

However, the joint advisory did not attribute the critical infrastructure attacks to specific threat actors.

Previously, Iran’s Fox Kitten was observed targeting critical infrastructure and had exploited the FortiOS vulnerability.

Mr. Crain Mueller, Vice President of Federal Sales at iBoss, says that Russian state-sponsored hackers were not the only threat to U.S. critical infrastructure.

“Iran has proven to be an adversary capable of sowing chaos through sophisticated attacks and new reports that it may be targeting our transportation and healthcare sector should be chilling. As we saw last spring with the JBS Pipeline attack, our nation’s infrastructure has serious vulnerabilities, and a successful attack on these sectors could be devastating.”

Iranian hackers use legitimate tools to compromise critical infrastructure entities

The Iranian APT groups leveraged legitimate and malicious tools like Mimikatz for stealing credentials, WinPeas for privilege escalation, Windows Management Instrumentation (SharpWMI), WinRAR for compressing stolen data, and FileZilla for uploading stolen files over FTP.

Additionally, the Iranian APT groups scheduled tasks using the Windows Task Scheduler and enabled BitLocker encryption before sending or leaving a threatening ransom note.

Similarly, the Iranian APT groups created accounts mimicking existing ones to trick domain administrators and maintain persistence.

The FBI and CISA associated rogue accounts and active directories named Support, Help, WADGUtilityAccount, and elie with the Iranian hacking activity. However, the accounts also varied depending on the compromised network.

The joint advisory highlighted an incident in May 2021, when Iranian APT groups breached a municipal government and created an account with the username elie.
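The account-name indicators above can be turned into a simple triage check. The following is an added example, not code from the advisory or from this article: it flags newly created accounts whose names match the listed ones or closely imitate an existing account, since the names varied between networks. The baseline list, the sample events, the similarity threshold and the function names are all assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

# Account names the article lists from the joint advisory (lower-cased).
ADVISORY_NAMES = {"support", "help", "wadgutilityaccount", "elie"}

# Constructed baseline of accounts that legitimately exist (assumption).
KNOWN_ACCOUNTS = ["Administrator", "Guest", "WDAGUtilityAccount",
                  "svc_backup", "jsmith"]

# Constructed account-creation records, shaped like parsed Windows
# Security event 4720 ("A user account was created") entries.
SAMPLE_EVENTS = [
    {"time": "2021-05-12T03:14:07Z", "host": "DC01", "new_account": "elie"},
    {"time": "2021-05-12T03:15:40Z", "host": "DC01", "new_account": "WADGUtilityAccount"},
    {"time": "2021-05-13T09:02:11Z", "host": "FS02", "new_account": "svc_backup1"},
    {"time": "2021-05-14T10:30:00Z", "host": "WS17", "new_account": "mgarcia"},
]


def lookalike_of(name, known, threshold=0.85):
    """Return the existing account that `name` closely imitates, or None."""
    low = name.lower()
    best, best_score = None, 0.0
    for candidate in known:
        if candidate.lower() == low:
            return None  # identical name: the real account, not an imitation
        score = SequenceMatcher(None, low, candidate.lower()).ratio()
        if score > best_score:
            best, best_score = candidate, score
    return best if best_score >= threshold else None


def triage(events, known=KNOWN_ACCOUNTS):
    """Return (time, host, account, reasons) for each suspicious creation."""
    findings = []
    for ev in events:
        name, reasons = ev["new_account"], []
        if name.lower() in ADVISORY_NAMES:
            reasons.append("advisory_name")
        twin = lookalike_of(name, known)
        if twin:
            reasons.append(f"lookalike:{twin}")
        if reasons:
            findings.append((ev["time"], ev["host"], name, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Support and Help are also common legitimate names, so an `advisory_name` hit is a prompt to confirm who created the account and when, not a verdict on its own.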

Cybersecurity agencies issued security guidelines to defend against Iranian hackers

The FBI, CISA, NCSC, and ACSC directed system administrators to check for indicators of compromise and patch their systems to degrade the ability of Iranian APT groups to exploit known vulnerabilities.

Additionally, they should update their Block and Allow lists, enforce backup and restoration policies, segment their networks, implement multi-factor authentication, and enforce strong passwords. System administrators should monitor RDP access logs, disable unused RDP ports and restrict remote users to certain resources. They should also disable hyperlinks in external emails and add warning banners to reduce the risk of phishing. Additionally, they should audit account privileges and implement role-based access controls, according to the joint cybersecurity advisory.

CISA Executive Director Brandon Wales noted that human behavior remains the Achilles Heel in cybersecurity.

“And while certain steps, such as spotting phishing attempts, implementing multi-factor authentication or patching vulnerabilities are easily implemented at the individual level, they are much more difficult to implement community, business or organization-wide.”

Wales also noted that CISA’s abilities to patch known vulnerabilities were limited by the number of incidents reported.

“This hampers our ability to conduct critical analysis, spot adversary campaigns, release mitigation guidance, and provide [a] timely response, leaving critical infrastructure vulnerable and that is unacceptable.”

He urged Congress to pass mandatory ransomware incident reporting requirements for critical infrastructure entities.

About Iran Probe

Iran Probe is the English version of the Iran Efshagar website that began its work back in 2004 in Farsi...
In the past few years Iran Efshagar has been able to expose the lies of the Iranian regime and its agents, who are active under the cloak of opposition figures or the regime’s lobbies in Europe and the United States.

Copyright © 2008 - 2020 by Iran Efshagar - English. All rights reserved.
