![]() ![]() “The actors may sell the data or use the exfiltrated data in extortion operations or double extortion ransom operations where a threat actor uses a combination of encryption and data theft to pressure targeted entities to pay ransom demands.” “After gaining access to a network, the IRGC-affiliated APT actors likely determine a course of action based on their perceived value of the data,” the advisory says. The access is then leveraged for further malicious activities, including deploying tools to support ransom and extortion operations and extract data. While Fortinet FortiOS and Microsoft Exchange server vulnerabilities remain a favoured method to gain initial access, the ACSC says that APT actors have used CVE-2021-34473 in Australia. The latest advisory notes that the hackers often operate under the auspices of Najee Technology Hooshmand Fater LLC, based in Karaj, Iran and Afkar System Yazd Company, based in Yazd, Iran. Since then, the hacking attempts have continued. The Five Eyes nations previously issued an alert regarding Iranian Government-sponsored APT cyber-actors in November 2021. “Based on the latest intelligence across the Five Eyes, this advisory again underscores that organisations of all sizes continue to be targeted by capable and increasingly sophisticated adversaries,” said ACSC Head Abigail Bradshaw ![]() ![]() In addition, authorities report Iranian affiliated APT actors are actively exploiting VMware Horizon Log4j vulnerabilities for initial access, and also Log4j2 vulnerabilities in SysAid applications. Those known vulnerabilities include previously publicised flaws in Fortinet and Microsoft Exchange. ![]() “The authoring agencies assess the actors are exploiting known vulnerabilities on unprotected networks rather than targeting specific targeted entities or sectors.” “The IRGC-affiliated actors are actively targeting a broad range of targeted entities, including entities across multiple US critical infrastructure sectors as well as the United Kingdom, Australian and Canadian organizations,” the advisory reads. Issued on September 15, the advisory warns that malicious cyber activity by advanced persistent threat (APT) actors connected with Iran’s Islamic Revolutionary Guard Corps (IRGC) is on the rise. The Australian Cyber Security Centre (ACSC) has joined forces with other Five Eyes nations to issue a joint advisory regarding ongoing Iranian state-sponsored cyber threats. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |