Iranian hackers are targeting critical sectors with ‘brute force’, US and Canada say – National

Iranian cyber actors have used “brute force” and other techniques to gain access to multiple critical infrastructure organizations and steal information over the past year, a joint US, Canadian and Australian advisory says.

The joint advisory released Wednesday by the U.S. Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation says the actors have targeted organizations within the healthcare, government, information technology, engineering and energy sectors.

“The actors likely aim to obtain credentials and information describing the victim’s network, which can then be sold to enable access to cybercriminals,” the advisory says.

The Canadian Communications Security Establishment, the Australian Cyber Security Center and the Australian Federal Police joined the US agencies in drafting the joint advisory, which states the activity dates back to October 2023.

Brute force techniques involve systematically guessing passwords to gain access to victims’ user and group email accounts, or using a password reset tool.

The advisory says the Iranian actors have also used “push bombing” on accounts protected by multi-factor authentication (MFA) – bombarding users with notifications until the request is accidentally approved or MFA is disabled.

According to the advisory, the actors then register their own devices with MFA to ensure they stay connected to the hacked account.


Once logged in, the agencies say the Iranian actors conducted “discovery” on the compromised networks to obtain additional credentials and other information that would allow access.

“The authoring agencies assess that Iranian actors are selling this information in cybercriminal forums to actors who can use the information to conduct additional malicious activities,” the advisory says.

The agencies say organizations can detect brute force activity by looking for repeated failed login attempts in their authentication logs, as well as logins and MFA authentications from “unexpected locations or from unknown devices.” Checking IP addresses against known user accounts can also reveal compromised accounts.
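The checks described above, sketched over constructed log events (an added example, not code from the advisory or from Global News; the event names, thresholds and the known-IP baseline are assumptions):

```python
from collections import defaultdict
from datetime import datetime, timedelta

SRC = "203.0.113.7"  # constructed documentation-range address
# Constructed sample events: (ISO time, user, source IP, event type).
EVENTS = (
    [(f"2024-01-01T02:00:0{i}", u, SRC, "login_fail")
     for i, u in enumerate(["alice", "bob", "alice", "bob", "alice"])]
    + [("2024-01-01T02:01:00", "alice", SRC, "login_ok")]
    + [(f"2024-01-01T02:01:1{i}", "alice", SRC, "mfa_push") for i in range(4)]
    + [("2024-01-01T02:01:30", "alice", SRC, "mfa_approved"),
       ("2024-01-01T02:02:00", "alice", SRC, "mfa_device_registered"),
       ("2024-01-01T09:00:00", "carol", "198.51.100.30", "login_fail"),
       ("2024-01-01T09:00:20", "carol", "198.51.100.30", "login_ok"),
       ("2024-01-01T09:00:25", "carol", "198.51.100.30", "mfa_push"),
       ("2024-01-01T09:00:40", "carol", "198.51.100.30", "mfa_approved")]
)
# Assumed baseline: addresses each user has previously logged in from.
KNOWN_IPS = {"alice": {"198.51.100.10"}, "bob": {"198.51.100.20"},
             "carol": {"198.51.100.30"}}

def burst(times, limit, window):
    """True if `limit` or more timestamps fall inside one sliding window."""
    times = sorted(times)
    return any(times[i + limit - 1] - times[i] <= window
               for i in range(len(times) - limit + 1))

def detect(events, known_ips, fail_limit=5, push_limit=4,
           window=timedelta(minutes=10)):
    fails, pushes, findings = defaultdict(list), defaultdict(list), []
    for ts, user, ip, kind in sorted(events):
        t = datetime.fromisoformat(ts)
        unknown = ip not in known_ips.get(user, set())
        if kind == "login_fail":
            fails[ip].append(t)  # repeated failures, grouped by source
        elif kind == "mfa_push":
            pushes[user].append(t)
        elif kind == "mfa_approved":
            # Approval that follows a flood of prompts: push bombing.
            if sum(t - p <= window for p in pushes[user]) >= push_limit:
                findings.append(("push_bombing", user, ip))
        elif kind in ("login_ok", "mfa_device_registered") and unknown:
            findings.append((kind + "_from_unknown_ip", user, ip))
    for ip, times in fails.items():
        if burst(times, fail_limit, window):
            findings.append(("brute_force", None, ip))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS, KNOWN_IPS):
        print(finding)
```

Grouping failures by source address rather than by account catches guessing spread across several users, and the device-registration check covers the persistence step the advisory mentions.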

Organizations can further protect themselves by reviewing password practices, completely deleting accounts and credentials of departed personnel, implementing phishing-resistant MFA, and consistently reviewing MFA settings to protect “exploitable services.”

“These measures apply to critical infrastructure entities across all sectors,” the advisory says.

The advisory was issued a day after Microsoft’s latest digital threats report identified Iran as one of the top cyber threat actors, which, along with Russia and China, is increasingly dependent on criminal networks to conduct cyber espionage and hacking operations against adversaries such as the US and its allies.

In one example, Microsoft analysts discovered that a criminal hacking group with links to Iran infiltrated an Israeli dating site and then attempted to sell or ransom the personal information it obtained. Microsoft concluded that the hackers were trying to embarrass Israelis and make money.


US officials have accused Iran of covertly supporting US protests against Israel’s conflict with Hamas in Gaza. The Microsoft report said Iranian actors have targeted the US and its Middle East allies, such as the United Arab Emirates and Bahrain, for their perceived support for Israel in the broader Middle East conflict.

Networks linked to Iran, Russia and China have also targeted American voters, using fake websites and social media accounts to spread false and misleading claims about the upcoming US presidential election.

Iranian hackers targeted Donald Trump’s campaign and the email accounts of some supporters and stole material, which the FBI said the hackers unsuccessfully tried to sell to the Democratic campaign. Three Iranian agents have been charged in the cyber attack.

Iran has denied any knowledge of or involvement in cyber activities against other countries.

– with files from The Associated Press


© 2024 Global News, a division of Corus Entertainment Inc.



Sean Boynton
