Iranian Cyber Actors' Brute Force And Credential Access Activity Compromises CI Organizations
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), Australian Federal Police (AFP), and Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) are releasing this joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors' use of brute force and other techniques to compromise organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors. The actors likely aim to obtain credentials and information describing the victim's network that can then be sold to enable access to cybercriminals.
Since October 2023, Iranian actors have used brute force, such as password spraying, and multifactor authentication (MFA) "push bombing" to compromise user accounts and obtain access to organizations. The actors frequently modified MFA registrations, enabling persistent access. The actors performed discovery on the compromised networks to obtain additional credentials and identify other information that could be used to gain additional points of access. The authoring agencies assess the Iranian actors sell this information on cybercriminal forums to actors who may use the information to conduct additional malicious activity.
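The three behaviours described above (password spraying, MFA push bombing, and an MFA registration change following compromise) each leave a distinctive pattern in authentication logs. The following detection logic is an added illustration and is not code from the advisory or from the authoring agencies; the CSV log format, field names, sample events and thresholds are assumptions chosen for the example. It flags a source IP that fails logins against many distinct accounts in a short window (breadth across users, which is what distinguishes spraying from a single-account brute force), a user who receives a burst of push prompts, and any MFA registration originating from an IP already flagged for spraying.

```python
"""Detection heuristics for password spraying, MFA push bombing and
post-compromise MFA registration. Added example; log format, field names
and thresholds are assumptions, not the advisory's."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (assumed format: timestamp,event,user,src_ip,result).
SAMPLE_LOG = """\
2024-10-01T03:00:01Z,login,alice,203.0.113.7,failure
2024-10-01T03:00:02Z,login,bob,203.0.113.7,failure
2024-10-01T03:00:03Z,login,carol,203.0.113.7,failure
2024-10-01T03:00:04Z,login,dave,203.0.113.7,failure
2024-10-01T03:00:05Z,login,erin,203.0.113.7,failure
2024-10-01T03:00:06Z,login,frank,203.0.113.7,failure
2024-10-01T03:00:07Z,login,grace,203.0.113.7,failure
2024-10-01T03:00:08Z,login,heidi,203.0.113.7,failure
2024-10-01T03:00:09Z,login,ivan,203.0.113.7,failure
2024-10-01T03:00:10Z,login,judy,203.0.113.7,failure
2024-10-01T03:00:11Z,login,mallory,203.0.113.7,success
2024-10-01T09:15:00Z,login,alice,198.51.100.20,failure
2024-10-01T09:15:30Z,login,alice,198.51.100.20,success
2024-10-01T10:00:00Z,mfa_push,mallory,203.0.113.7,denied
2024-10-01T10:00:20Z,mfa_push,mallory,203.0.113.7,denied
2024-10-01T10:00:40Z,mfa_push,mallory,203.0.113.7,denied
2024-10-01T10:01:00Z,mfa_push,mallory,203.0.113.7,denied
2024-10-01T10:01:20Z,mfa_push,mallory,203.0.113.7,denied
2024-10-01T10:01:40Z,mfa_push,mallory,203.0.113.7,approved
2024-10-01T10:02:30Z,mfa_register,mallory,203.0.113.7,success
"""


def parse_log(text):
    """Parse the assumed CSV format into dicts with a UTC datetime, sorted by time."""
    events = []
    for line in text.strip().splitlines():
        ts, event, user, ip, result = line.split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "event": event, "user": user, "ip": ip, "result": result,
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_password_spray(events, window=timedelta(minutes=10), min_users=8):
    """Flag a source IP whose failed logins span >= min_users distinct accounts
    inside `window`. Spraying is low-and-slow per account, so the signal is
    breadth across users from one source, not many failures for one user.
    Returns {ip: {"users": set, "success_after": [users]}}."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "login":
            by_ip[e["ip"]].append(e)
    hits = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e["result"] == "failure"]
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:  # slide window
                start += 1
            if len({e["user"] for e in fails[start:end + 1]}) >= min_users:
                spray_start = fails[start]["ts"]
                hits[ip] = {
                    "users": {e["user"] for e in fails if e["ts"] >= spray_start},
                    # A success from a spraying IP is the highest-priority
                    # signal: one of the sprayed passwords worked.
                    "success_after": [e["user"] for e in evs
                                      if e["result"] == "success" and e["ts"] >= spray_start],
                }
                break
    return hits


def detect_push_bombing(events, window=timedelta(minutes=5), min_prompts=5):
    """Flag a user who receives >= min_prompts MFA push prompts inside `window`.
    Returns {user: {"prompts": n, "approved": bool}}; an approval inside the
    burst is the fatigue success the advisory describes."""
    by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            by_user[e["user"]].append(e)
    hits = {}
    for user, pushes in by_user.items():
        start = 0
        for end in range(len(pushes)):
            while pushes[end]["ts"] - pushes[start]["ts"] > window:
                start += 1
            if end - start + 1 >= min_prompts:
                burst = pushes[start:]
                hits[user] = {"prompts": len(burst),
                              "approved": any(e["result"] == "approved" for e in burst)}
                break
    return hits


def mfa_registrations_from(events, suspect_ips):
    """MFA registration changes from an IP already flagged for spraying: the
    persistence step (a new factor enrolled on a sprayed account)."""
    return [(e["user"], e["ip"]) for e in events
            if e["event"] == "mfa_register" and e["ip"] in suspect_ips]


def run_detections(text=SAMPLE_LOG):
    """Run all three heuristics over a log and return their findings."""
    events = parse_log(text)
    spray = detect_password_spray(events)
    return {"spray": spray,
            "push_bombing": detect_push_bombing(events),
            "mfa_registrations": mfa_registrations_from(events, set(spray))}


if __name__ == "__main__":
    for name, result in run_detections().items():
        print(name, result)
```

On the constructed sample the spray detector flags 203.0.113.7 (ten accounts in ten seconds, then a success for mallory), the single failed-then-successful login for alice from 198.51.100.20 is not flagged, mallory's six prompts in under two minutes ending in an approval are reported as push bombing, and the subsequent MFA registration from the spraying IP is surfaced as the persistence step. Thresholds are starting points; tune the window and counts to the tenant's normal failure rate, and treat "success after spray" and "registration from spraying IP" as the alerts worth paging on.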
Some risks are so all-encompassing they go unnoticed. Hiding in plain sight, their sheer scale, paradoxically, can obscure them. Instead, we get glimpses here and there but rarely connect the dots across the enterprise.
This is a central problem of technology risk, a term describing the many vulnerabilities associated with an organization's information technology (IT), operational technology (OT) and communications technology (CT). Because technology touches everything a company does, all its assets (physical, digital, intellectual), its people, processes and systems, its vendors and suppliers, its reputation - even its very existence - the scope and layers of risk associated with technology's use can be difficult to comprehend, much less mitigate.
Update On SVR Cyber Operations And Vulnerability Exploitation
The National Security Agency joins the Federal Bureau of Investigation, the United States Cyber Command's Cyber National Mission Force, and the United Kingdom National Cyber Security Centre to warn network defenders about ongoing Russian Federation Foreign Intelligence Service (SVR) cyber threats and to recommend rapid countermeasures for security patching and mitigating systems.
The attached joint Cybersecurity Advisory highlights how Russian SVR cyber actors are currently exploiting a set of software vulnerabilities and intend to exploit additional ones. It provides a detailed list of publicly disclosed Common Vulnerabilities and Exposures (CVEs) and a list of mitigations to improve cybersecurity posture based on the SVR cyber actors' operations.
The opinions or conclusions of the authors reflected in the open source articles and resources are not endorsed by, and do not necessarily reflect the opinion of, the Virginia Fusion Center. The sources have been selected to provide you with event information and to highlight available resources designed to improve public safety and reduce the probability of becoming a victim of a crime.
------------
You have received this message because you subscribed to the "CyberAware" mailing list.