FBI Warns Iranian Hackers Are Targeting US Orgs’ Stolen Data

Bleeping Computer is reporting “FBI warns of Iranian hackers looking to buy US orgs’ stolen data”. The FBI warning came in a Private Industry Notification (PIN) to private industry partners, warning that threat actors will likely use leaked data bought from clear and dark web sources to breach the systems of related organizations. The FBI is warning organizations whose data was previously stolen or leaked online that they may be targeted in future attacks coordinated by this unnamed Iranian threat actor:

Orgs at risk are advised to take mitigation measures to block hacking attempts by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations targeted by this adversary.

Among the Tactics, Techniques, and Procedures (TTPs) used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims’ networks.

This threat actor is also attempting to breach supervisory control and data acquisition (SCADA) systems with the help of common default passwords, according to the FBI.

Yan Michalevsky, CTO and Cofounder, Anjuna Security, had this commentary on a mitigation strategy:

     “Using strong passwords, periodic rotation of credentials and mandating the use of two-factor authentication are some of the measures that can help protect organizations against attackers who attempt to exploit leaked or stolen data.”

Given how high profile this warning is, this simple advice can help to keep you from getting pwned.
