US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group.
The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).
“FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware,” CISA said.
“ACSC is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia,” the joint advisory adds.
The Iranian state hackers focus their attacks on US critical infrastructure sectors (e.g., transportation, healthcare) and on Australian organizations.
They aim to gain initial access to targets in critical sectors, access that can later be leveraged for other nefarious purposes, including data exfiltration, ransomware deployment, and extortion.
CISA and the FBI also shared details on multiple instances in which the Iranian-sponsored hacking group's activity was observed, including:
The information included in this joint advisory lines up with details shared in a Microsoft Threat Intelligence Center (MSTIC) report on Tuesday.
In the report, Microsoft provided information on the evolution of Iranian APTs and their capacity to adapt as a constantly shifting threat.
Microsoft said it has been tracking six Iranian threat groups that have been deploying ransomware and exfiltrating data in attacks that started in September 2020.
MSTIC observed them scanning for and exploiting vulnerabilities in many products, including Fortinet’s FortiOS SSL VPN and Microsoft Exchange servers vulnerable to the ProxyShell bugs.
The FBI also warned private industry partners a week ago of an Iranian threat actor trying to buy stolen information associated with US and worldwide organizations from clear and dark web sources in order to breach their systems.
“The FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors,” the agencies added.
More technical details on these attacks, including indicators of compromise, MITRE ATT&CK tactics and techniques, detection measures, and mitigations, can be found in the joint advisory published earlier today.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved