Nov 23, 2021
92 Views
0 0

Iranian APTs Exploit Microsoft Exchange, Fortinet Vulnerabilities

Written by

Nation-state hackers with ties to Iran have been exploiting vulnerabilities in Microsoft Exchange, known as ProxyShell, and also Fortinet to break into systems.
The vulnerabilities, which have been spotted as early as March 2021, have allowed the APTs to infect systems with ransomware and more. Also, these attacks have targeted countries around the world.  
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement with the Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), and United Kingdom’s National Cyber Security Centre (NCSC) in regards to bringing attention to malicious hacking activity.
“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.”
CISA reports that the cyberattacks have hit a wide range of industries, including critical infrastructure. 
A few observations of the activity, as told in CISA’s statement, include the following: 
For a thorough look at the technical details and mitigation tactics, visit the website at us-cert.cisa.gov/ncas/alerts/aa21-321a.
With 2022 just around the corner, have you planned ahead yet for how your organization can prepare to mitigate risks in the New Year? Join SecureWorld for its last event of 2021 on December 2nd, the West Coast virtual conference
[RELATED: The FBI’s Most Wanted Iranian Nation-State Hackers

source

Article Categories:
Cybersecurity News

Comments are closed.