US, Canada, Australia warn against cyberattacks on "critical infrastructure sectors"

WASHINGTON, Oct 16 (KUNA) -- The security services of the United States, Canada and Australia released on Wednesday a joint Cybersecurity Advisory to warn network defenders of Iranian cyber actors' use of brute force and other techniques to compromise organizations across multiple critical infrastructure sectors, including the healthcare and public health (HPH), government, information technology, engineering, and energy sectors.
The Advisory was adopted by the US Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC).
"The actors likely aim to obtain credentials and information describing the victim's network that can then be sold to enable access to cybercriminals," according to the document.
Since October 2023, Iranian actors have used brute force, such as password spraying, and multi-factor authentication (MFA) 'push bombing' to compromise user accounts and obtain access to organizations. The actors frequently modified MFA registrations, enabling persistent access. The actors performed discovery on the compromised networks to obtain additional credentials and identify other information that could be used to gain additional points of access. The authoring agencies assess the Iranian actors sell this information on cybercriminal forums to actors who may use the information to conduct additional malicious activity.
This advisory provides the actors' tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). The information is derived from FBI engagements with entities impacted by this malicious activity.
The authoring agencies recommend critical infrastructure organizations follow the guidance provided in the Mitigations section. At a minimum, organizations should ensure all accounts use strong passwords and register a second form of authentication.
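
For network defenders, the sequence described above (password spraying, MFA push bombing, then a changed MFA registration) can be searched for in authentication logs. The following is an added example, not code from the advisory or from this article; the event schema, event names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(ts, kind, user, ip):
    return {"ts": datetime.fromisoformat(ts), "kind": kind, "user": user, "ip": ip}

# Constructed sample events; schema and event names are assumptions, IPs are documentation ranges.
EVENTS = (
    [ev(f"2024-10-01T08:00:{i:02d}", "login_fail", f"user{i}", "203.0.113.7") for i in range(8)]
    + [ev("2024-10-01T08:00:09", "login_ok", "user8", "203.0.113.7")]
    + [ev(f"2024-10-01T08:01:{i * 5:02d}", "mfa_denied", "user8", "203.0.113.7") for i in range(6)]
    + [ev("2024-10-01T08:02:00", "mfa_approved", "user8", "203.0.113.7"),
       ev("2024-10-01T08:05:00", "mfa_registered", "user8", "203.0.113.7"),
       ev("2024-10-01T09:00:30", "login_ok", "alice", "198.51.100.20"),
       ev("2024-10-01T09:10:00", "mfa_registered", "alice", "198.51.100.20")]
)

def spray_sources(events, min_users=5, window=timedelta(minutes=30)):
    """Source IPs with failed logins for >= min_users distinct accounts inside one window."""
    fails = [e for e in events if e["kind"] == "login_fail"]
    def users_near(f):
        return {e["user"] for e in fails
                if e["ip"] == f["ip"] and timedelta(0) <= e["ts"] - f["ts"] <= window}
    return {f["ip"] for f in fails if len(users_near(f)) >= min_users}

def push_bombed(events, min_denied=5, window=timedelta(minutes=10)):
    """Users who approved an MFA prompt within `window` after >= min_denied denied prompts."""
    def denied_before(a):
        return sum(e["kind"] == "mfa_denied" and e["user"] == a["user"]
                   and timedelta(0) <= a["ts"] - e["ts"] <= window for e in events)
    return {a["user"] for a in events
            if a["kind"] == "mfa_approved" and denied_before(a) >= min_denied}

def triage(events, follow=timedelta(hours=1)):
    """Per-user findings: spray-source login, push bombing, MFA registration afterwards."""
    bad_ips, bombed = spray_sources(events), push_bombed(events)
    report = defaultdict(set)
    for e in events:
        if e["kind"] == "login_ok" and e["ip"] in bad_ips:
            report[e["user"]].add("login_from_spray_source")
        if e["kind"] == "mfa_approved" and e["user"] in bombed:
            report[e["user"]].add("mfa_push_bombing")
    for e in events:  # MFA registration soon after a flagged user's login or approval
        if e["kind"] == "mfa_registered" and e["user"] in report and any(
                p["user"] == e["user"] and p["kind"] in ("login_ok", "mfa_approved")
                and timedelta(0) <= e["ts"] - p["ts"] <= follow for p in events):
            report[e["user"]].add("mfa_registration_after_flagged_login")
    return dict(report)

if __name__ == "__main__": print(triage(EVENTS))
```

On the constructed sample only `user8` is reported, with all three findings; `alice`, who registers an MFA device after an ordinary login, is not.
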
The United States accuses external forces, particularly Iran, Russia and China, of planning cyberattacks to influence the presidential elections in November.