Iran’s hackers are using these tools to steal passwords and deliver ransomware, say FBI and CISA

[ad_1]

Hackers linked to the Iranian Ministry of Intelligence and Security are exploiting a range of vulnerabilities to conduct cyber espionage and other malicious attacks against organisations around the world, a joint alert by US and UK authorities has warned. 

The advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) says an Iranian government-sponsored advanced hacking operation known as MuddyWater is going after a wide range of targets. 

These include telecommunications, defence, local government, and oil and natural gas organisations across Asia, Africa, Europe, and North America. According to CISA, the aim of the attacks is to gain access to networks to steal passwords and sensitive information “to share these with other malicious cyber actors”. 

SEE: Cybersecurity: Let’s get tactical (ZDNet special report)

The group are known to exploit publicly reported vulnerabilities and use open-source tools and strategies to gain access to sensitive data on victims’ systems and deploy ransomware, the agencies said. MuddyWater – also known as Earth Vetala, Mercury, Static Kitten and Seedworm – has been active since at least 2018. 

Many of the campaigns leverage phishing attacks to coax targets into downloading ZIP files containing Excel files with malicious macros or PDFs that drop malicious payloads. 

MuddyWater campaigns deploy many different forms of malware to act as loaders and backdoors onto compromised networks. The main loader is a new variant of PowGoop malware, which consists of a DLL loader and a PowerShell-based downloader. The malicious file impersonates a legitimate file that is signed as a Google Update executable file. 

Another form of malware used in the attacks is Small Sieve, a Python backdoor that disguises malicious executables and uses filenames and registry key names associated with Microsoft’s Windows Defender to avoid detection while it helps to expand a foothold in the compromised network. 

Other malware used in the Iranian campaigns include Canopy, a malicious Windows script distributed by phishing emails, and Mori, a backdoor that uses Domain Name System tunneling to communicate with the group’s control infrastructure. 

The agencies have also identified a new PowerShell backdoor described as lightweight in functionality but capable of encrypting communications with command and control servers. 

The Iranian hackers use a variety of known vulnerabilities, which CISA has detailed in an alert. Therefore, organisations can help protect their networks from being compromised by installing security updates for operating systems, software and firmware as soon as they’re released. Of course, using antivirus and keeping it up to date is also suggested. 

CISA also recommends the use of multi-factor authentication whenever possible and limiting the use of administrator privileges for most users – both actions create additional barriers for attackers. 

It’s also recommended that organisations deploy application control software to limit the applications and executable code that can be run by users. Finally, users should be trained to identify and report suspected phishing attacks. 

MORE ON CYBERSECURITY

[ad_2]

Source link

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin