Iranian hackers blamed for Fortinet and Microsoft Exchange hacks

By Scott Marlette Last updated Nov 18, 2021

In a joint advisory, top cybersecurity authorities from the US, UK, and Australia have pointed fingers at Iran-backed threat actors for ongoing attacks that exploit multiple Microsoft Exchange and Fortinet vulnerabilities.

According to the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC), the threat actors have been using Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021.

The agencies claim that the attackers exploit the bugs, namely CVE-2021-34473, 2020-12812, 2019-5591, and 2018-13379, to get a foothold into the network, which they then use for various malicious operations, including exfiltrating sensitive data, and deploying ransomware.

Firing indiscriminately

Commenting on the activities of the threat actors, the agencies believe that the group focuses its efforts on exploiting known vulnerabilities rather than targeting specific sectors.

“The Iranian government-sponsored APT [advanced persistent threat] actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations,” the agencies note in the joint advisory.

The advisory highlights some of the group’s recent activities, and suggests that they may create persistence in the compromised networks by creating new user accounts on domain controllers, servers, workstations, and active directories.

To mitigate the threat, the agencies advise admins to apply patches for the exploited vulnerabilities without delay, even as it helps admins double-down the security of their networks through several steps such as mandating strong passwords, and implementing multi-factor authentication (MFA).

Build a digital moat around your network using one of these best firewall apps and services, and protect your computers against all kinds of cyber-attacks with these best endpoint protection tools

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.