Cyber security research groups observe signs of Emotet malware returning and rebuilding its botnet via TrickBot
November 15, 2021
US federal bank regulators approve new rule ordering banks to report cyberattacks within 36 hours
November 19, 2021

US releases joint advisory warning companies of Iranian APT group that has been involved in ransomware attacks

On Wednesday 17th of November 2021, Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) released a joint cybersecurity advisory where they warned of ongoing malicious cyber activity that FBI, CISA, ACSC, and NCSC have observed and associated with an advanced persistent threat (APT) group that is linked to the government of Iran.

The group have been observed targeting and exploiting Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

It is known that Iranian government-sponsored APT threat actors actively target a broad range of organisation across the U.S. and Australia. These Iranian government-sponsored APT actors have been observed using the access they gain for further operations that have involved data exfiltration and ransomware attacks. The advisory provides tactics and techniques that FBI, CISA, ACSC and NCSC have observed as well as indicators of compromise (IOCs) of the threat actors. The recommended actions to be taken immediately are patching software that is affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591.

Leave a Reply

Your email address will not be published. Required fields are marked *