{"id":5801,"date":"2021-11-17T23:18:54","date_gmt":"2021-11-17T14:18:54","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=5801"},"modified":"2021-12-13T23:23:03","modified_gmt":"2021-12-13T14:23:03","slug":"us-releases-joint-advisory-warning-companies-of-iranian-apt-group-that-has-been-involved-in-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/us-releases-joint-advisory-warning-companies-of-iranian-apt-group-that-has-been-involved-in-ransomware-attacks\/","title":{"rendered":"US releases joint advisory warning companies of Iranian APT group that has been involved in ransomware attacks"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5801\" class=\"elementor elementor-5801\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-a098376 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"a098376\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4f73027\" data-id=\"4f73027\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1464cdf elementor-widget elementor-widget-text-editor\" data-id=\"1464cdf\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On\u00a0Wednesday 17<sup>th<\/sup> of\u00a0November\u00a02021,\u202fthe Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom\u2019s National Cyber Security Centre (NCSC)\u00a0released a joint cybersecurity advisory where 
they warned of ongoing malicious cyber activity that FBI, CISA, ACSC, and NCSC have observed and associated with an advanced persistent threat (APT) group that is linked to the government of Iran.<\/p><p>The group has been observed targeting and exploiting Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.<\/p><p>It is known that Iranian government-sponsored APT threat actors actively target a broad range of organisations across the U.S. and Australia. These Iranian government-sponsored APT actors have been observed using the access they gain for further operations that have involved data exfiltration and ransomware attacks. The advisory provides tactics and techniques that FBI, CISA, ACSC and NCSC have observed as well as indicators of compromise (IOCs) of the threat actors. The recommended action to be taken immediately is to patch software that is affected by the following vulnerabilities: CVE-2021-34473, CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On&nbsp;Wednesday 17th of&nbsp;November&nbsp;2021,\u202fthe Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom\u2019s National Cyber Security Centre (NCSC)&nbsp;released a joint cybersecurity advisory where they warned of ongoing malicious cyber activity that FBI, CISA, ACSC, and NCSC have observed and associated with an advanced persistent threat (APT) group that is<span class=\"excerpt-hellip\"> 
[\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":5806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,2,7,8,1],"tags":[],"class_list":["post-5801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ce_news","category-by_country","category-industry_sector","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2021\/12\/Picture1-17.jpg?fit=1371%2C913&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5801"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=5801"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5801\/revisions"}],"predecessor-version":[{"id":5809,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/5801\/revisions\/5809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/5806"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=5801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=5801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=5801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}