Iranian threat actors have been targeting critical infrastructure entities worldwide with a range of brute-force techniques since last October, and later act as initial access brokers selling the stolen network credentials and data, U.S., Canadian, and Australian government agencies have noted, BleepingComputer reports.
Iranian hackers have used password spraying, multi-factor authentication push bombing, and other brute-force methods to infiltrate the networks of healthcare and public health, information technology, energy, engineering, and government organizations, then proceeded with credential theft, privilege escalation, and lateral movement, according to a joint alert from the Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency, the Communications Security Establishment Canada, the Australian Signals Directorate's Australian Cyber Security Centre, and the Australian Federal Police. Organizations have been urged to monitor for MFA registrations from unfamiliar devices, for signs of credential dumping in process execution and command-line arguments, and for atypical activity in dormant accounts, and to scan for unusual user agent strings to identify brute-force attacks. The advisory comes more than a month after the U.S. government reported that suspected Iranian state-backed threat actor Br0k3r, also known as Fox Kitten and UNC757, had been selling complete domain control privileges from breached U.S. organizations to ransomware affiliates.
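The two techniques the alert names, password spraying and MFA push bombing, each leave a recognisable shape in authentication logs, so the following added example (not code from the advisory or from any of the agencies) runs simple window-based detections over a constructed sample log. The log format, field names, thresholds and the sample IPs and usernames are all assumptions chosen for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (illustrative, not real): "timestamp src_ip user event outcome".
SAMPLE_LOG = """\
2024-10-01T09:00:01 203.0.113.5 alice password fail
2024-10-01T09:00:04 203.0.113.5 bob password fail
2024-10-01T09:00:07 203.0.113.5 carol password fail
2024-10-01T09:00:10 203.0.113.5 dave password fail
2024-10-01T09:00:13 203.0.113.5 erin password fail
2024-10-01T09:30:00 198.51.100.7 erin password fail
2024-10-01T10:00:00 203.0.113.5 frank mfa_push denied
2024-10-01T10:00:20 203.0.113.5 frank mfa_push denied
2024-10-01T10:00:40 203.0.113.5 frank mfa_push denied
2024-10-01T10:01:00 203.0.113.5 frank mfa_push approved
2024-10-01T11:00:00 192.0.2.9 grace mfa_push approved
"""

def parse_log(text):
    """Turn the lines into (time, src, user, event, outcome) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, user, event, outcome = line.split()
        events.append((datetime.fromisoformat(ts), src, user, event, outcome))
    return events

def peak_in_window(stamped, window, distinct):
    """Slide a window over sorted (time, value) pairs; return the largest count
    (of distinct values if distinct=True) seen inside any single window."""
    stamped = sorted(stamped)
    peak = 0
    for i, (start, _) in enumerate(stamped):
        inside = [v for t, v in stamped[i:] if t - start <= window]
        peak = max(peak, len(set(inside)) if distinct else len(inside))
    return peak

def detect_password_spray(events, window=timedelta(minutes=10), min_users=5):
    """Sources whose failed logins hit >= min_users distinct accounts in one window (few passwords, many users)."""
    fails = defaultdict(list)
    for ts, src, user, event, outcome in events:
        if event == "password" and outcome == "fail":
            fails[src].append((ts, user))
    return {src: n for src, a in fails.items()
            if (n := peak_in_window(a, window, True)) >= min_users}

def detect_push_bombing(events, window=timedelta(minutes=5), min_prompts=4):
    """Users receiving >= min_prompts MFA push prompts in one window (the fatigue pattern ending in an approve)."""
    pushes = defaultdict(list)
    for ts, _src, user, event, _outcome in events:
        if event == "mfa_push":
            pushes[user].append((ts, event))
    return {user: n for user, p in pushes.items()
            if (n := peak_in_window(p, window, False)) >= min_prompts}
```

Counting distinct users per source, rather than raw failures, is what separates a spray from a single user mistyping a password; the single failure from 198.51.100.7 and the lone push to grace are left unflagged.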