Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Oct. 17, 2024, 9:49 a.m.

Description

The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercriminal forums. It provides tactics, techniques, procedures, indicators of compromise, and mitigation recommendations to strengthen credential security and defend against such threats.

External References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a
https://otx.alienvault.com/pulse/6710d5544a5597a756b8c61b
Tags
CVE-2020-1472
malicious
credential
lateral
infrastructure
2024-10-17
access

Date

  • Created: Oct. 17, 2024, 9:13 a.m.
  • Published: Oct. 17, 2024, 9:13 a.m.
  • Modified: Oct. 17, 2024, 9:49 a.m.

Indicators

  • 09407d2e3ac7d6af13c407d17ec8e51b6d1b1d8271df65ebd0b3ffbab420b2fe
Download all indicators here!

Attack Patterns

  • Iranian

Additional Informations

  • Engineering
  • Information Technology
  • Healthcare
  • Energy
  • Government

Linked vulnerabilities

CVE-2020-1472

None
Published: