American intelligence services have detected a malicious hacking campaign from Iran, according to reports.
The organizations responsible for the defense of America’s cyber infrastructure, together with British and Australian allies, have published a joint warning that an “advanced-persistent-threat hacking group aligned with the Iranian government” has begun exploiting vulnerabilities in Microsoft Exchange and Fortinet’s FortiOS.
While all of the vulnerabilities have already been patched by the vendors, not every organization has installed the necessary updates, and those unpatched systems are the ones Iran is targeting.
The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Center, and the Australian Cyber Security Center collaborated to generate this alert.
“FBI and CISA have observed this Iranian government-sponsored APT [Advanced Persistent Threat] group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware. ACSC is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia.
The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.”
Iranian Sponsorship of Terrorism Continues With Cyber-terrorism
Iran has been a state sponsor of terrorism since Ayatollah Khomeini took control of the once Western-aligned nation in 1979, deposing the rightful ruling Shah, Reza Pahlavi.
Through the eighties and nineties they were paying for bombs, jet fuel, and Kalashnikovs; in the twenty-first century, in addition to funding insurgent operations in Yemen, Iraq, and Syria, Tehran’s ruling Islamist mullahs are spending millions supporting hackers who attack the West from safe havens throughout Iran.
According to Microsoft, attacks from Iranian threat actors have been accelerating, striking every one to two months with frightening regularity over the last year. Dan Goodin, writing for Ars Technica, noted:
“Security firm SentinelOne has covered Iran’s use of ransomware here. Wednesday’s advisory contains indicators that admins can use to determine if they’ve been targeted. Organizations that have yet to install patches for the Exchange or FortiOS vulnerabilities should do so immediately.”
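The advisory’s practical value for defenders is its indicator list: an administrator matches those indicators against local logs to learn whether the group has touched their systems. The script below is an added example of that matching step; it is not code from the advisory, from CISA, or from Ars Technica. The indicator values (RFC 5737 documentation addresses and made-up names) and the log lines are constructed placeholders standing in for the real IoCs and a real server’s logs.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Placeholder indicators (constructed): RFC 5737 documentation addresses and
# invented names stand in for the real indicators published in the joint advisory.
INDICATORS: Dict[str, Set[str]] = {
    "ip": {"203.0.113.10", "198.51.100.25"},
    "domain": {"placeholder-c2.example"},
    "filename": {"placeholder-dropper.exe"},
}

# Constructed sample log lines mixing web access, DNS and process-start events.
SAMPLE_LOGS = [
    "2021-11-17T08:01:02Z 203.0.113.10 GET /owa/ 200",
    "2021-11-17T08:01:09Z 192.0.2.7 GET /owa/ 200",
    "2021-11-17T08:05:44Z dns query placeholder-c2.example from 10.0.0.5",
    "2021-11-17T08:06:10Z process start C:\\Users\\Public\\placeholder-dropper.exe",
]


@dataclass(frozen=True)
class Match:
    line_no: int   # 1-based position in the scanned input
    kind: str      # indicator category that fired: ip, domain or filename
    value: str     # the indicator value as it appeared in the log line
    line: str      # the full log line, kept for the analyst's review


# Token extractors; each candidate is then checked against the indicator set,
# so a regex over-matching (an IP also looks like a "domain") causes no false hit.
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.I)
FILE_RE = re.compile(r"[\w.-]+\.(?:exe|dll|ps1|bat)\b", re.I)


def scan_logs(lines: Iterable[str], indicators: Dict[str, Set[str]] = INDICATORS) -> List[Match]:
    """Return every (line, indicator) hit, in log order, for later triage."""
    hits: List[Match] = []
    for n, line in enumerate(lines, 1):
        for ip in IP_RE.findall(line):
            if ip in indicators["ip"]:
                hits.append(Match(n, "ip", ip, line))
        for dom in DOMAIN_RE.findall(line):
            if dom.lower() in indicators["domain"]:
                hits.append(Match(n, "domain", dom, line))
        for fn in FILE_RE.findall(line):
            if fn.lower() in indicators["filename"]:
                hits.append(Match(n, "filename", fn, line))
    return hits


def summarize(hits: List[Match]) -> Dict[str, int]:
    """Count hits per indicator category, the usual first question in triage."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h.kind] = counts.get(h.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.kind}={h.value} :: {h.line}")
    print(summarize(scan_logs(SAMPLE_LOGS)))
```

Swap the placeholder sets for the advisory’s published indicators and feed the script your IIS, DNS and endpoint logs; a single hit is a reason to start an incident investigation, not proof of compromise on its own, so the full line is kept with each match for analyst review.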