fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US, UK Warn of Iranian Hackers Exploiting Microsoft Exchange, Fortinet

US, UK Warn of Iranian Hackers Exploiting Microsoft Exchange, Fortinet

US, UK, and Australian cybersecurity agencies warned today of ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities linked to an Iranian-backed hacking group.

The warning was issued as a joint advisory released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).

“FBI and CISA have observed this Iranian government-sponsored APT group exploit Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware,” CISA said.

“ACSC is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia,” the joint advisory adds.

Also Read: 10 Tips For Drafting Key Terms In A Service Agreement

The Iranian state hackers focus their attacks on US critical infrastructure sectors (e.g., transportation, healthcare) and Australian organizations.

They aim to gain initial access to targets from critical sectors that could later be used for other nefarious purposes, including data exfiltration, ransomware deployment, and extortion.

CISA and the FBI also shared info on multiple instances when the Iranian-sponsored hacking group was observed, including:

  • In March 2021, the FBI and CISA observed these Iranian government-sponsored APT actors scanning devices on ports 4443, 8443, and 10443 for Fortinet FortiOS vulnerability CVE-2018-13379, and enumerating devices for FortiOS vulnerabilities CVE-2020-12812 and CVE-2019-5591. The Iranian Government-sponsored APT actors likely exploited these vulnerabilities to gain access to vulnerable networks.
  • In May 2021, these Iranian government-sponsored APT actors exploited a Fortigate appliance to access a web server hosting the domain for a US municipal government. The actors likely created an account with the username elie to further enable malicious activity.
  • In June 2021, these APT actors exploited a Fortigate appliance to access environmental control networks associated with a U.S.-based hospital specializing in healthcare for children. The APT actors accessed known user accounts at the hospital from IP address 154.16.192[.]70, which FBI and CISA judge is associated with the government of Iran offensive cyber activity.
  • As of October 2021, these APT actors have leveraged a Microsoft Exchange ProxyShell vulnerability—CVE-2021-34473—to gain initial access to systems in advance of follow-on operations.

The information included in this joint advisory lines up with details shared in a Microsoft Threat Intelligence Center (MSTIC) report on Tuesday.

In the report, Microsoft provided information on the evolution of Iranian APTs and their capability to adapt as an always shape-shifting threat.

Microsoft said it has been tracking six Iranian threat groups who have been deploying ransomware and exfiltrating data in attacks that started in September 2020.

Also Read: How To Make A PDPC Complaint: With Its Importance And Impact

MSTIC observed them scanning and exploiting vulnerabilities in many products, including Fortinet’s FortiOS SSL VPN and Microsoft Exchange server vulnerable to ProxyShell bugs.

The FBI also warned private industry partners a week ago of an Iranian threat actor trying to buy stolen information associated with US and worldwide organizations from clear and dark web sources to breach their systems,

Ransomware attacks by Iranian APTs
Ransomware attacks by Iranian APTs (Microsoft)

“The FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the Mitigations section of this advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors,” the agencies added.

More technical details on these attacks, including indicators of compromise, MITRE ATT&CK tactics and techniques, detection measures, and mitigations, can be found in the joint advisory published earlier today. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us