Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Microsoft: US critical infrastructure facing cyberattacks by Iranian-linked hacking group

18 апреля 2023 года Hi-network.com

Microsoft has discovered that a subgroup of the Iran-linked hacking group Mint Sandstorm, previously known as PHOSPHORUS, has been conducting cyberattacks on critical infrastructure in the USA, likely as a retaliation for the cyberattacks on Iran's infrastructure in 2021, which Iran attributed to the USA and Israel.

The group would gain initial access to an organisation by exploiting a vulnerability with public proof-of-concept (POCs).It would then run custom PowerShell script for discovery to catalogue the devices in the network. Two attack chains would followed, where hackers would ultimately obtained the Active Directory database used to access credentials for users' accounts (attack chain 1) or deployed a custom malware variant, such as Drokbk or Soldier (attack chain 2). These custom malware is a signal that this group is increasingly sophisticated.

Microsoft: US critical infrastructure facing cyberattacks by Iranian-linked hacking group 2

The two attack chains used by the Mint Sandstorm subgroup. Source:  Microsoft Threat Intelligence

Since this group exploits the publicly available POCs, Microsoft recommends organisations regularly patch vulnerabilities with publicly available POCs.

It is alleged that the Phosphorous hacking group works for the Iranian government and is linked to the Islamic Revolutionary Guard Corps (IRGC).

tag-icon Горячие метки: киберпреступность кибербезопасность

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.