URL: https://thehackernews.com/2021/11/microsoft-warns-about-6-iranian-hacking.html
MICROSOFT WARNS ABOUT 6 IRANIAN HACKING GROUPS TURNING TO RANSOMWARE

November 17, 2021Ravie Lakshmanan

Nation-state operators with nexus to Iran are increasingly turning to ransomware
as a means of generating revenue and intentionally sabotaging their targets,
while also engaging in patient and persistent social engineering campaigns and
aggressive brute force attacks.

No less than six threat actors affiliated with the West Asian country have been
discovered deploying ransomware to achieve their strategic objectives,
researchers from Microsoft Threat Intelligence Center (MSTIC) revealed, adding
"these ransomware deployments were launched in waves every six to eight weeks on
average."

Of note is a threat actor tracked as Phosphorus (aka Charming Kitten or APT35),
which has been found scanning IP addresses on the internet for unpatched
Fortinet FortiOS SSL VPN and on-premises Exchange Servers to gain initial access
and persistence on vulnerable networks, before moving to deploy additional
payloads that enable the actors to pivot to other machines and deploy
ransomware.

Another tactic in the playbook is to run a network of fictitious social media
accounts, including personas posing as attractive women, to build trust with
targets over several months and ultimately deliver malware-laced documents that
allow data to be exfiltrated from the victim systems. Both Phosphorus and a
second threat actor dubbed Curium have been spotted using such "patient" social
engineering methods to compromise their targets.

"The attackers build a relationship with target users over time by having
constant and continuous communications which allows them to build trust and
confidence with the target," MSTIC researchers said. "In many of the cases we
have observed, the targets genuinely believed that they were making a human
connection and not interacting with a threat actor operating from Iran."

A third trend is the use of password spray attacks against Office 365 tenants
belonging to U.S., E.U., and Israeli defense technology companies, details of
which Microsoft publicized last month while attributing the activity to an
emerging threat cluster tracked as DEV-0343.
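The password-spray pattern referred to above, a few guesses against many accounts from one source rather than many guesses against one account, is something defenders can look for in tenant sign-in logs. The following is an added example, not code from the article or from Microsoft: the record format, the `failed_password` / `success` result strings, the IP addresses and account names are all constructed, and the window and count thresholds are assumptions that would need tuning against a real tenant's baseline.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Illustrative thresholds (assumptions, not Microsoft's): tune against your own tenant's baseline.
WINDOW = timedelta(minutes=30)
MIN_DISTINCT_ACCOUNTS = 5     # a spray touches many accounts ...
MAX_FAILURES_PER_ACCOUNT = 3  # ... with only a few guesses each, to stay under lockout thresholds

# Constructed sample sign-in records: (UTC timestamp, account, source IP, result).
# The result strings are simplified stand-ins for real sign-in log result codes.
SAMPLE_SIGNINS = [
    # 203.0.113.7 (constructed): one or two guesses against each of six accounts, then one success.
    ("2021-11-15T09:00:01Z", "a.lee@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:00:05Z", "b.ortiz@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:00:09Z", "c.wang@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:00:13Z", "d.khan@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:00:17Z", "e.rossi@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:00:21Z", "f.okafor@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:10:01Z", "a.lee@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:10:05Z", "b.ortiz@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:10:09Z", "c.wang@example-defense.test", "203.0.113.7", "failed_password"),
    ("2021-11-15T09:12:00Z", "d.khan@example-defense.test", "203.0.113.7", "success"),
    # 198.51.100.9 (constructed): repeated guesses at one account, i.e. brute force, not a spray.
    ("2021-11-15T09:05:00Z", "admin@example-defense.test", "198.51.100.9", "failed_password"),
    ("2021-11-15T09:05:10Z", "admin@example-defense.test", "198.51.100.9", "failed_password"),
    ("2021-11-15T09:05:20Z", "admin@example-defense.test", "198.51.100.9", "failed_password"),
    ("2021-11-15T09:05:30Z", "admin@example-defense.test", "198.51.100.9", "failed_password"),
    ("2021-11-15T09:05:40Z", "admin@example-defense.test", "198.51.100.9", "failed_password"),
    # 192.0.2.44 (constructed): an ordinary user mistyping a password once.
    ("2021-11-15T08:55:00Z", "g.novak@example-defense.test", "192.0.2.44", "failed_password"),
    ("2021-11-15T08:55:20Z", "g.novak@example-defense.test", "192.0.2.44", "success"),
]


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_password_spray(records, window=WINDOW, min_accounts=MIN_DISTINCT_ACCOUNTS,
                          max_per_account=MAX_FAILURES_PER_ACCOUNT):
    """Return {source_ip: finding} for source IPs whose failed sign-ins look like a spray.

    Spray signature: within `window`, at least `min_accounts` distinct accounts fail from the
    same IP, and no single account fails more than `max_per_account` times. One account failing
    many times from one IP is classic brute force, not a spray, and is deliberately not reported.
    """
    by_ip = defaultdict(list)
    for ts, account, ip, result in records:
        by_ip[ip].append((_parse_ts(ts), account, result))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        failures = [(t, acct) for t, acct, res in events if res == "failed_password"]
        best = None
        start = 0
        for end in range(len(failures)):
            # Slide the window start forward until every failure in [start, end] fits in `window`.
            while failures[end][0] - failures[start][0] > window:
                start += 1
            per_account = Counter(acct for _, acct in failures[start:end + 1])
            distinct = len(per_account)
            if distinct >= min_accounts and max(per_account.values()) <= max_per_account:
                candidate = {
                    "window_start": failures[start][0].isoformat(),
                    "window_end": failures[end][0].isoformat(),
                    "distinct_accounts": distinct,
                    "total_failures": end - start + 1,
                    "max_failures_per_account": max(per_account.values()),
                }
                # Keep the window with the most accounts, then the most failures.
                if best is None or (distinct, candidate["total_failures"]) > (
                        best["distinct_accounts"], best["total_failures"]):
                    best = candidate
        if best is not None:
            # Any success from a spraying IP is a likely compromised account and the first thing to triage.
            best["successful_accounts"] = sorted({acct for _, acct, res in events if res == "success"})
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, finding in detect_password_spray(SAMPLE_SIGNINS).items():
        print(ip, finding)
```

On the constructed data only `203.0.113.7` is reported (six accounts, nine failures, at most two per account, one subsequent success), while the single-account brute force from `198.51.100.9` and the one mistyped password from `192.0.2.44` are not. In a real tenant the same grouping can be done by user agent or ASN rather than IP, since sprays are commonly rotated across many source addresses.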

The groups have also demonstrated the capability to adapt and shape-shift
depending on their strategic goals and tradecraft, evolving into "more competent
threat actors" proficient in disruption and information operations by conducting
a spectrum of attacks: cyber espionage, phishing and password spraying, mobile
malware, wipers and ransomware, and even supply chain attacks.

The findings are especially significant in light of a new alert issued by
cybersecurity agencies from Australia, the U.K., and the U.S., warning of an
ongoing wave of intrusions by Iranian government-sponsored hacking groups
exploiting Microsoft Exchange ProxyShell and Fortinet vulnerabilities.

"These Iranian government-sponsored APT actors can leverage this access for
follow-on operations, such as data exfiltration or encryption, ransomware, and
extortion," the agencies said in a joint bulletin published Wednesday.

© The Hacker News, 2021. All Rights Reserved.