The US and allies warn of Iran’s cyberattacks on critical infrastructure
Cyber security experts in Australia, Canada, and the United States report that since October 2023, Iranian cybercriminals have been targeting users in the health, government, information technology, energy, and engineering sectors. They use brute force and password spraying techniques to gain access to user accounts. Attackers also use the “MFA request bombardment” tactic to trick users into approving access through repeated notifications.
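The two account-access techniques named above leave different traces in authentication logs. This added example (not taken from the advisory) shows one way to flag each. The event layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample events, assumed layout: (timestamp, kind, user, source_ip, result)
EVENTS = [
    ("2024-01-10T08:00:05", "password", "alice", "203.0.113.7", "fail"),
    ("2024-01-10T08:01:10", "password", "bob", "203.0.113.7", "fail"),
    ("2024-01-10T08:02:30", "password", "carol", "203.0.113.7", "fail"),
    ("2024-01-10T08:03:45", "password", "dave", "203.0.113.7", "success"),
    ("2024-01-10T08:04:00", "password", "erin", "203.0.113.7", "fail"),
    ("2024-01-10T08:04:40", "password", "frank", "198.51.100.9", "success"),
    ("2024-01-10T08:05:00", "mfa_push", "dave", "203.0.113.7", "denied"),
    ("2024-01-10T08:05:30", "mfa_push", "dave", "203.0.113.7", "timeout"),
    ("2024-01-10T08:06:00", "mfa_push", "dave", "203.0.113.7", "denied"),
    ("2024-01-10T08:06:30", "mfa_push", "dave", "203.0.113.7", "timeout"),
    ("2024-01-10T08:07:00", "mfa_push", "dave", "203.0.113.7", "approved"),
    ("2024-01-10T08:07:30", "mfa_push", "frank", "198.51.100.9", "approved"),
]

def _parse(events):
    return sorted((datetime.fromisoformat(t), k, u, ip, r) for t, k, u, ip, r in events)

def detect_spraying(events, min_users=4, window=timedelta(minutes=30)):
    """Flag source IPs whose password attempts hit many distinct accounts in one window."""
    by_ip = defaultdict(list)
    for ts, kind, user, ip, _ in _parse(events):
        if kind == "password":
            by_ip[ip].append((ts, user))
    hits = {}
    for ip, attempts in by_ip.items():
        for start, _ in attempts:
            users = {u for ts, u in attempts if start <= ts < start + window}
            if len(users) >= min_users:  # threshold is an assumed default
                hits[ip] = sorted(users)
                break
    return hits

def detect_push_bombing(events, min_rejected=4, window=timedelta(minutes=10)):
    """Flag users who approve a push shortly after a burst of denied/timed-out prompts."""
    pushes = defaultdict(list)
    for ts, kind, user, _, result in _parse(events):
        if kind == "mfa_push":
            pushes[user].append((ts, result))
    hits = {}
    for user, items in pushes.items():
        for ts, result in items:
            rejected = [t for t, r in items if r != "approved" and ts - window <= t < ts]
            if result == "approved" and len(rejected) >= min_rejected:
                hits[user] = {"rejected_prompts": len(rejected), "approved_at": ts.isoformat()}
    return hits
```

An approval that follows a burst of rejected prompts is the case worth paging on, since it suggests the password was already known and the second factor has now been accepted.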
The main goal of these attacks is to obtain credentials and access to internal networks, with the subsequent sale of this information on cybercriminal forums. After penetrating systems, attackers conduct detailed reconnaissance, elevate privileges via the CVE-2020-1472 (Zerologon) vulnerability, and move across the network using remote desktop.
The warning follows an August 2024 report by the U.S. government of increased activity by Iranian cybercriminals who sell data from compromised networks to other criminals. The attackers use the same tools as other cybercriminal groups and collaborate with criminals to achieve financial and geopolitical goals.