On Wednesday, cybersecurity officials in the US, UK, and Australia warned that Iran-linked hacking groups were stepping up operations, focusing on enterprise technology weaknesses to breach businesses in the United States and Australia.
In a joint advisory released Nov. 17, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the UK's National Cyber Security Centre (NCSC), and the Australian Cyber Security Centre (ACSC) attributed to Iran a spike in attacks exploiting vulnerabilities in Fortinet's FortiOS and Microsoft Exchange. According to the authorities, the attackers frequently use BitLocker on compromised Windows devices to encrypt data for ransom or to disrupt operations.
According to the alert, three Fortinet vulnerabilities have been exploited against US targets since at least March, and attacks targeting the Microsoft Exchange ProxyShell vulnerability have been observed in both the US and Australia.
These warnings came less than three weeks after a top Iranian official accused the United States and Israel of attacks that interrupted fuel sales in Iran. According to a Reuters report, Iran's civil defense head, Gholamreza Jalali, blamed "the Zionist Regime, the Americans, and their agents" for the outage, which reportedly affected thousands of petrol stations.
The FBI is also reported to have sent a private industry notification (PIN) to corporations, alerting them that Iranian cybercriminals are seeking to sell stolen data, including email messages and network details, on underground forums. The notification also warned firms whose data had been taken to watch for follow-on attacks.
Since the US and Israel allegedly used the Stuxnet malware to undermine Iran's nuclear program in 2009, the country's cyber capabilities have grown rapidly. Iran's favorite targets are the United States, Israel, and Saudi Arabia.
In an analysis of Iran-linked entities released Nov. 16, Microsoft listed eight separate cyber operations groups located in Iran or working in its interests. Under Microsoft's naming scheme, three of them are Phosphorus, Rubidium, and Curium; the other five are emerging clusters of activity that have yet to be named.
The Microsoft Threat Intelligence Center noted several patterns in the groups' activity. According to the company, Iranian-backed groups are increasingly employing ransomware, wipers, and other destructive threats to disrupt targets, with six groups observed using malware in a single attack. Microsoft stated that the groups are becoming more patient and persistent in their operations, particularly in their social engineering tactics. At the same time, they continue to use credential spraying and other brute-force attacks against their targets.
As Iran has invested in greater cyber capabilities and the US has authorized more aggressive operations as part of its Defend Forward strategy, cyber operations between the two countries have escalated. Ransomware, disk wipers, mobile malware, phishing operations, password spraying, mass exploitation of vulnerabilities, and supply chain attacks have all been attributed to Iranian entities.
However, the increased tensions are unlikely to deter Iran and may instead compound the attribution problem. Russian threat actors, for example, have taken control of Iranian infrastructure to make their attacks appear to originate from Iran. Meanwhile, many of the cyberattacks that Iran blames on its adversaries have been attributed to hacktivists.