
US, allies warn of Iranian brute-force attacks against critical infrastructure


U.S., Canadian, and Australian government agencies have warned that Iranian threat actors have been targeting global critical infrastructure entities with numerous brute-force attack techniques since last October, and that the attackers later serve as initial access brokers for the stolen network credentials and data, BleepingComputer reports.

Iranian hackers have used password spraying, multi-factor authentication push bombing, and other brute-force attack methods to infiltrate the networks of healthcare and public health, information technology, energy, engineering, and government organizations, then proceeded with credential theft, privilege escalation, and lateral movement, according to a joint alert from the Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency, the Communications Security Establishment Canada, the Australian Signals Directorate’s Australian Cyber Security Centre, and the Australian Federal Police. To identify brute-force attacks, organizations have been urged to monitor for MFA registrations from unfamiliar devices, watch processes and program-execution command-line arguments for signs of possible credential dumping, look for atypical activity in dormant accounts, and scan for unusual user agent strings. The advisory comes more than a month after the U.S. government reported that suspected Iranian state-backed threat actor Br0k3r, also known as Fox Kitten and UNC757, had peddled complete domain control privileges from breached U.S. organizations to ransomware affiliates.
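As an added illustration (not code from the joint alert or from the article), the following Python example flags two of the techniques named above in authentication logs: password spraying (one source failing logins against many distinct accounts) and MFA push bombing (one account receiving a burst of push prompts). The event names, field layout, thresholds and sample data are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample events (not from the alert): (epoch_seconds, source_ip, user, event)
EVENTS = (
    [(1000 + 20 * i, "203.0.113.7", f"user{i}", "login_fail") for i in range(8)]
    + [(1200, "203.0.113.7", "user3", "login_ok")]
    + [(1210 + 15 * i, "203.0.113.7", "user3", "mfa_push_denied") for i in range(6)]
    + [(1305, "203.0.113.7", "user3", "mfa_push_approved")]
    + [(1100, "198.51.100.20", "alice", "login_fail"),
       (1130, "198.51.100.20", "alice", "login_ok"),
       (1135, "198.51.100.20", "alice", "mfa_push_approved")]
)

def _max_in_window(items, window, key):
    """Largest number of distinct key(item) values in any `window`-second span."""
    items = sorted(items)
    best, start = 0, 0
    for end in range(len(items)):
        while items[end][0] - items[start][0] > window:
            start += 1
        best = max(best, len({key(x) for x in items[start:end + 1]}))
    return best

def detect_password_spray(events, min_users=5, window=600):
    """Map source IP -> distinct accounts it failed against within `window` seconds."""
    by_ip = defaultdict(list)
    for ts, ip, user, ev in events:
        if ev == "login_fail":
            by_ip[ip].append((ts, user))
    return {ip: n for ip, fails in by_ip.items()
            if (n := _max_in_window(fails, window, lambda x: x[1])) >= min_users}

def detect_push_bombing(events, min_pushes=5, window=600):
    """Map user -> True if any of their prompts was approved, for users who
    received at least `min_pushes` MFA push prompts within `window` seconds."""
    by_user = defaultdict(list)
    for ts, ip, user, ev in events:
        if ev.startswith("mfa_push_"):
            by_user[user].append((ts, ev))
    hits = {}
    for user, pushes in by_user.items():
        # Each prompt is its own (timestamp, event) pair, so this counts prompts.
        if _max_in_window(pushes, window, lambda x: x) >= min_pushes:
            hits[user] = any(ev == "mfa_push_approved" for _, ev in pushes)
    return hits

if __name__ == "__main__":
    print("spray sources:", detect_password_spray(EVENTS))
    print("push-bombed users:", detect_push_bombing(EVENTS))
```

A user flagged with `True` approved a prompt during or after the burst, which makes that account the first one to review for new MFA device registrations.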
