Vulnerabilities that have already been patched by Microsoft and Fortinet are being widely exploited, US, British and Australian officials warned on Wednesday.
The joint advisory released Wednesday notes that an advanced persistent threat hacking group aligned with the Iranian government is exploiting vulnerabilities in Microsoft Exchange and in Fortinet's FortiOS, which forms the basis of that company's security offerings. All of the identified vulnerabilities have been patched, but not all users of the products have installed the updates. The advisory was issued by the FBI, the US Cybersecurity and Infrastructure Security Agency, the UK National Cyber Security Centre and the Australian Cyber Security Centre.
Wide Range of Targets
The advisory states that Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the transportation and healthcare and public health sectors, as well as Australian organizations. The FBI, CISA, ACSC and NCSC assess that the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware and extortion. The actors have exploited Fortinet vulnerabilities since at least March and Microsoft Exchange vulnerabilities since at least October to gain initial access to systems. The hackers then carry out follow-on operations that include ransomware.
In May, the attackers targeted an unnamed US municipality, where they likely created an account with the username "elie" to enable further malicious activity on the compromised network. One month later, they hacked into a US hospital that specializes in children's health care. That latest attack likely involved Iran-linked servers at 91.214.124[.]143, 162.55.137[.]20 and 154.16.192[.]70.
The group has also used Microsoft Exchange vulnerabilities to gain initial access to systems before carrying out further operations. Australian officials said they also observed the group exploiting a vulnerability in Exchange.
Beware of unrecognized accounts
The hackers may create new accounts on the domain controllers, servers, workstations and Active Directory of the networks they compromise. Some of these accounts appear to mimic existing accounts, so the usernames often differ from one target organization to another. The advisory said network defenders should look for unrecognized accounts, paying special attention to usernames such as Support, Help, elie and WADGUtilityAccount.
The advisory comes a day after Microsoft reported that a group aligned with Iran, which it tracks as Phosphorus, is increasingly using ransomware to generate revenue or to disrupt adversaries. Microsoft added that the group was using "aggressive brute force attacks" on its targets and was going after Fortinet devices that had not been patched against CVE-2018-13379. This flaw allows hackers to collect plaintext credentials used to access remote servers. Phosphorus has identified more than 900 Fortinet servers in the US, Europe and Israel.
Phosphorus has recently switched to scanning for on-premises Exchange servers vulnerable to CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, a set of flaws known as ProxyShell. Microsoft fixed the vulnerabilities in March. "Once they identified vulnerable servers, Phosphorus sought to gain persistence on the target systems," Microsoft said. In some cases, the actors downloaded a Plink runner named MicrosoftOutLookUpdater.exe. This file would periodically beacon to their C2 servers via SSH, allowing the actors to issue further commands. Later, the actors downloaded a custom implant via a Base64-encoded PowerShell command. The implant established persistence on the victim's system by modifying startup registry keys and ultimately functioned as a loader for downloading additional tools.
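As an added example (not code from the article, the advisory or Microsoft), the following Python detector runs the indicators quoted above, namely the advisory's account names, the MicrosoftOutLookUpdater.exe filename, Base64-encoded PowerShell, Run-key persistence and the three reported C2 addresses, over constructed Sysmon-style event lines. The key=value log format and the sample events are assumptions made for the example; the field names follow Windows Security event 4720 and Sysmon events 1, 3 and 13.

```python
import re
from typing import Dict, List

# Indicators quoted in the advisory and in Microsoft's report above
SUSPECT_USERNAMES = {"support", "help", "elie", "wadgutilityaccount"}
SUSPECT_FILENAMES = {"microsoftoutlookupdater.exe"}
C2_IPS = {"91.214.124.143", "162.55.137.20", "154.16.192.70"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# any abbreviation of -EncodedCommand followed by a Base64 blob
ENCODED_PS_RE = re.compile(r"powershell(?:\.exe)?\b.*?\s-e[a-z]*\s+[A-Za-z0-9+/=]{20,}", re.IGNORECASE)

def check_event(ev: Dict[str, str]) -> List[str]:  # findings for one event
    out = []
    eid = ev.get("EventID")
    if eid == "4720":  # Security: a user account was created
        name = ev.get("TargetUserName", "")
        if name.lower() in SUSPECT_USERNAMES:
            out.append(f"account created with advisory-listed username: {name}")
    elif eid == "1":  # Sysmon: process creation
        image, cmd = ev.get("Image", ""), ev.get("CommandLine", "")
        if image.rsplit("\\", 1)[-1].lower() in SUSPECT_FILENAMES:
            out.append(f"execution of Plink runner filename: {image}")
        if ENCODED_PS_RE.search(cmd):
            out.append("Base64-encoded PowerShell command line")
    elif eid == "3":  # Sysmon: network connection
        if ev.get("DestinationIp") in C2_IPS:
            out.append(f"connection to reported C2 address: {ev['DestinationIp']}")
    elif eid == "13":  # Sysmon: registry value set
        if RUN_KEY_RE.search(ev.get("TargetObject", "")):
            out.append(f"Run-key persistence written: {ev['TargetObject']}")
    return out

def parse_line(line: str) -> Dict[str, str]:  # 'key=value|key=value' (assumed format)
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def scan_log(lines: List[str]) -> List[str]:  # all findings over a log
    return [f for line in lines if line.strip() for f in check_event(parse_line(line))]

# Constructed sample events, not real telemetry
SAMPLE_LOG = """
EventID=4720|TargetUserName=jsmith|SubjectUserName=admin
EventID=4720|TargetUserName=elie|SubjectUserName=admin
EventID=1|Image=C:\\Users\\Public\\MicrosoftOutLookUpdater.exe|CommandLine=MicrosoftOutLookUpdater.exe
EventID=1|Image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|CommandLine=powershell.exe -nop -w hidden -enc QQBBAEEAQQBBAEEAQQBBAEEAQQBBAEEAQQA=
EventID=3|Image=C:\\Users\\Public\\MicrosoftOutLookUpdater.exe|DestinationIp=162.55.137.20|DestinationPort=22
EventID=13|TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|Details=C:\\Users\\Public\\MicrosoftOutLookUpdater.exe
""".strip().splitlines()
```

Running `scan_log(SAMPLE_LOG)` returns five findings, one per malicious sample event, and nothing for the benign account creation.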
US warns you to watch out for Iranian government-backed ransomware