FBI Warns Iranian Hackers Are Targeting US Orgs' Stolen Data

Bleeping Computer is reporting “FBI warns of Iranian hackers looking to buy US orgs’ stolen data”. The warning came in an FBI Private Industry Notification (PIN) to private industry partners, cautioning that the threat actors will likely use leaked data bought from clear web and dark web sources to breach the systems of related organizations. The FBI is warning organizations whose data was previously stolen or leaked online that they may be targeted in future attacks coordinated by this unnamed Iranian threat actor:

Orgs at risk are advised to take mitigation measures to block hacking attempts by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations targeted by this adversary.

Among the Tactics, Techniques, and Procedures (TTPs) used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims’ networks.

This threat actor is also attempting to breach supervisory control and data acquisition (SCADA) systems with the help of common default passwords, according to the FBI.

Yan Michalevsky, CTO and Cofounder of Anjuna Security, had this commentary as to a mitigation strategy:

     “Using strong passwords, periodic rotation of credentials and mandating the use of two-factor authentication are some of the measures that can help protect organizations against attackers who attempt to exploit leaked or stolen data.”

Given how high-profile this warning is, this simple advice can help to keep you from getting pwned.
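As an added illustration of that advice (this is example code written for this post, not anything from the FBI notice, Bleeping Computer or Anjuna Security), the script below audits a set of accounts for the three weaknesses the notice and the commentary call out: a password that appears in a leaked-credential set, a vendor-default credential of the kind tried against SCADA gear, a password past its rotation window, and a missing second factor. All of the account records, the "leaked" SHA-1 digests and the "default" credential pairs are constructed sample data for the demo; a real deployment would load them from a breach list or a breach-notification service rather than hard-coding them.

```python
"""
Credential-hygiene audit (added example, constructed sample data).

Flags accounts whose password is a known-leaked value, a vendor default,
older than the rotation window, or not protected by two-factor auth.
"""
import hashlib
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

# Constructed: SHA-1 digests of passwords found in a hypothetical leaked
# credential dump. Storing digests rather than plaintext mirrors how such
# lists are normally distributed and compared.
LEAKED_PASSWORD_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Summer2021!", "Welcome1", "P@ssw0rd")
}

# Constructed: illustrative factory-default username/password pairs of the
# kind the notice says are tried against SCADA systems (placeholders only).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "1234"), ("operator", "operator")}

ROTATION_WINDOW_DAYS = 90          # assumed policy: rotate every 90 days
TODAY = date(2021, 12, 1)          # fixed "now" so the demo is reproducible


@dataclass
class Account:
    username: str
    password: str      # plaintext only because this is a self-contained demo
    last_changed: date
    mfa_enabled: bool
    system: str


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1, the usual format for leaked-password lists."""
    return hashlib.sha1(password.encode()).hexdigest().upper()


def is_leaked(password: str) -> bool:
    """True if the password's SHA-1 appears in the leaked-credential set."""
    return sha1_upper(password) in LEAKED_PASSWORD_SHA1


def is_default(username: str, password: str) -> bool:
    """True if the pair matches a known vendor-default credential."""
    return (username, password) in DEFAULT_CREDENTIALS


def audit_account(acct: Account, today: date = TODAY) -> List[str]:
    """Return the hygiene findings for one account; an empty list means clean."""
    findings: List[str] = []
    if is_default(acct.username, acct.password):
        findings.append("default-credential")
    if is_leaked(acct.password):
        findings.append("password-in-leak")
    if (today - acct.last_changed).days > ROTATION_WINDOW_DAYS:
        findings.append("rotation-overdue")
    if not acct.mfa_enabled:
        findings.append("mfa-missing")
    return findings


def audit(accounts: List[Account], today: date = TODAY) -> Dict[str, List[str]]:
    """Audit every account and map username -> list of findings."""
    return {a.username: audit_account(a, today) for a in accounts}


# Constructed sample inventory: an RDP service account reusing a leaked
# password, a SCADA HMI still on factory defaults, and one clean user.
SAMPLE_ACCOUNTS = [
    Account("rdp-svc", "Summer2021!", date(2021, 3, 1), False, "rdp-gateway"),
    Account("admin", "admin", date(2020, 1, 15), False, "scada-hmi"),
    Account("jdoe", "correct-horse-battery-staple-2021", date(2021, 10, 20), True, "vpn"),
]


if __name__ == "__main__":
    for user, findings in audit(SAMPLE_ACCOUNTS).items():
        status = ", ".join(findings) if findings else "ok"
        print(f"{user:10s} {status}")
```

The audit deliberately reports every finding per account instead of stopping at the first one, so the output doubles as a remediation checklist: the `rdp-svc` record, for instance, needs a new password, a rotation schedule and MFA before it is safe to expose on an RDP gateway.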
