American, British, and Australian officials disclosed that alleged Iranian-backed hackers are behind cyberattacks on targets in the United States and Australia.
“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the transportation sector and the health-care and public-health sector, as well as Australian organizations,” said the CISA statement.
The attacks reportedly exploited existing security vulnerabilities, such as CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812, which were found in Microsoft Exchange ProxyShell and Fortinet.
CISA, however, did not detail who the hackers were, their specific targets, or whether the attacks were successful.
Microsoft added that “six Iranian threat groups” have been conducting ransomware attacks since September 2020 “in waves every six to eight weeks on average.”
“As Iranian operators have adapted both their strategic goals and tradecraft, over time they have evolved into more competent threat actors capable of conducting a full spectrum of operations,” warned Microsoft.
© Fourth Estate® — All Rights Reserved.