Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data for use in later cyberattacks. Government agencies in the U.S., Canada, and Australia assess that the group is acting as an initial access broker, relying on brute-force techniques. Its goal is to gain persistent access and move laterally within networks, using methods such as password spraying and MFA fatigue (push bombing). The hackers have been observed compromising accounts and exploiting vulnerabilities in Microsoft 365, Azure, and Citrix environments. Recommendations include monitoring authentication logs, looking for unusual sign-in activity, and implementing mitigations to harden accounts against these threats.
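The advisory summary recommends monitoring authentication logs for the two techniques it names. As an added, defender-side illustration (example code written for this page, not from the advisory, BleepingComputer, or any vendor), the script below runs simple detection logic over a handful of constructed sign-in events: password spraying shows up as one source IP failing against many distinct accounts in a short window, and MFA fatigue as one user receiving several denied or timed-out push prompts shortly before an approved one. The log format, field names and thresholds are assumptions chosen for the example; real sign-in logs (Entra ID, Citrix, etc.) use their own schemas and would need a different parser.

```python
"""Toy detections for password spraying and MFA fatigue over sample sign-in events.

Log format and thresholds are assumptions for this example, not values from the advisory.
Each line: <ISO-8601 UTC time> <user> <source IP> <auth result> <MFA result>
  auth result: FAIL (bad password), MFA_PENDING (password ok, prompt sent), SUCCESS
  MFA result:  none, denied, timeout, approved
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data). IPs are from documentation ranges.
SAMPLE_EVENTS = [
    # Password spray: one source, one failed attempt each against many accounts
    "2024-10-01T08:00:01Z alice 203.0.113.9 FAIL none",
    "2024-10-01T08:00:04Z bob 203.0.113.9 FAIL none",
    "2024-10-01T08:00:07Z carol 203.0.113.9 FAIL none",
    "2024-10-01T08:00:10Z dave 203.0.113.9 FAIL none",
    "2024-10-01T08:00:13Z erin 203.0.113.9 FAIL none",
    "2024-10-01T08:00:16Z frank 203.0.113.9 FAIL none",
    # Benign: one user mistypes their own password twice, then signs in normally
    "2024-10-01T09:15:00Z alice 198.51.100.4 FAIL none",
    "2024-10-01T09:15:20Z alice 198.51.100.4 FAIL none",
    "2024-10-01T09:15:45Z alice 198.51.100.4 SUCCESS approved",
    # MFA fatigue: valid password, repeated push prompts rejected, then one approved
    "2024-10-01T12:00:00Z grace 203.0.113.9 MFA_PENDING denied",
    "2024-10-01T12:01:00Z grace 203.0.113.9 MFA_PENDING timeout",
    "2024-10-01T12:02:00Z grace 203.0.113.9 MFA_PENDING denied",
    "2024-10-01T12:03:30Z grace 203.0.113.9 MFA_PENDING denied",
    "2024-10-01T12:05:10Z grace 203.0.113.9 SUCCESS approved",
    # Benign: a single prompt that is approved straight away
    "2024-10-01T13:00:00Z bob 198.51.100.7 SUCCESS approved",
]


def parse_event(line):
    """Split one sample line into a dict with a parsed timestamp."""
    ts, user, ip, result, mfa = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "ip": ip,
        "result": result,
        "mfa": mfa,
    }


def detect_password_spray(lines, min_users=5, window=timedelta(minutes=10)):
    """Return {source_ip: distinct_users_failed} for sources that fail against
    at least `min_users` different accounts inside any `window`-long span.
    The low-and-slow shape (few tries per account) is exactly what a per-account
    lockout threshold misses, so the grouping key is the source, not the user."""
    failures = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev["result"] == "FAIL":
            failures[ev["ip"]].append(ev)

    flagged = {}
    for ip, evs in failures.items():
        evs.sort(key=lambda e: e["time"])
        best = 0
        for i, start in enumerate(evs):  # window anchored at each failure in turn
            users = {e["user"] for e in evs[i:] if e["time"] - start["time"] <= window}
            best = max(best, len(users))
        if best >= min_users:
            flagged[ip] = best
    return flagged


def detect_mfa_fatigue(lines, min_rejections=3, window=timedelta(minutes=15)):
    """Return {user: rejected_prompts_before_approval} for users who approved a
    push after at least `min_rejections` denied/timed-out prompts within `window`.
    An approval preceded by a burst of rejections is the signature of a user
    giving in to repeated prompts rather than a normal sign-in."""
    prompts = defaultdict(list)
    for ev in map(parse_event, lines):
        if ev["mfa"] != "none":
            prompts[ev["user"]].append(ev)

    flagged = {}
    for user, evs in prompts.items():
        evs.sort(key=lambda e: e["time"])
        for i, ev in enumerate(evs):
            if ev["mfa"] != "approved":
                continue
            rejected = sum(
                1 for p in evs[:i]
                if p["mfa"] in ("denied", "timeout") and ev["time"] - p["time"] <= window
            )
            if rejected >= min_rejections:
                flagged[user] = max(flagged.get(user, 0), rejected)
    return flagged


if __name__ == "__main__":
    print("password spray sources:", detect_password_spray(SAMPLE_EVENTS))
    print("MFA fatigue users:", detect_mfa_fatigue(SAMPLE_EVENTS))
```

Against the constructed events, the spray detector flags only 203.0.113.9 (six distinct accounts in under a minute) and ignores alice's two typos from her own address, while the fatigue detector flags only grace (four rejected prompts before the approval). In production the same logic is usually expressed as a SIEM query over the sign-in table, with thresholds tuned to the environment's baseline.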
We do not own the rights to this content & no infringement intended, CREDIT: The Original Source: www.bleepingcomputer.com
Trendzz Only Comment:
According to this article, Iranian hackers are breaching critical infrastructure organizations. The article outlines their methods, such as brute-force attacks and MFA exploitation, to gain access to networks in various sectors. It also mentions specific tactics used by the hackers, such as leveraging compromised credentials and impersonating domain controllers. The advisory recommends that organizations monitor authentication logs and implement security measures to detect and prevent such attacks. Overall, the analysis highlights the ongoing threat posed by Iranian hackers and emphasizes the importance of cybersecurity measures.