
Critical infrastructure sectors around the world have been the focus of aggressive attacks by Iranian hackers. After breaking into these networks, they have been selling access to other cybercriminals. According to a joint advisory from cybersecurity authorities in the US, Canada, and Australia, the hackers have targeted industries like information technology, healthcare, government, and energy.
By selling the passwords and network data they have obtained on underground forums, these attackers serve as initial access brokers.
According to the advisory, Iranian criminals have been compromising user accounts since October 2023 by using brute force techniques such as password spraying and multifactor authentication (MFA) “push bombing.” Push bombing bombards users with MFA requests until one is inadvertently authorized, giving the hackers access.
The hackers obtain more credentials and elevate their privileges once they are inside the targeted systems, giving them more authority over the hacked networks. Other threat actors frequently purchase these credentials, which they can use for espionage or additional cyberattacks.
The hackers sold “full domain control privileges,” which allowed purchasers to exploit the domain for malicious purposes, according to BleepingComputer. SecurityWeek also reported that Iranian hackers, namely a group known as Cyber Av3ngers, have recently turned to artificial intelligence (AI) tools such as ChatGPT to facilitate their reconnaissance and attack preparation.
According to OpenAI, this group conducted attacks on water utilities in the US and Ireland, using ChatGPT to find weaknesses in industrial control systems (ICS). The AI tools helped with vulnerability research even though they didn’t offer any revolutionary capabilities.
The advisory encourages businesses to fortify their defenses against these evolving tactics by putting in place phishing-resistant multi-factor authentication (MFA), keeping an eye out for odd login activity, and improving password security procedures.
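
As an illustration of the login monitoring the advisory recommends, the following added example (not taken from the advisory or any vendor) flags the two patterns described above in authentication events: one source failing passwords against many accounts, and an MFA push approved right after a run of denied pushes. The event type names, thresholds, and sample log entries are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema): time, source IP, user, event type
EVENTS = [
    ("2024-01-10T02:00:00", "203.0.113.7", "alice", "password_fail"),
    ("2024-01-10T02:00:40", "203.0.113.7", "bob", "password_fail"),
    ("2024-01-10T02:01:20", "203.0.113.7", "carol", "password_fail"),
    ("2024-01-10T02:02:00", "203.0.113.7", "dave", "password_fail"),
    ("2024-01-10T02:05:00", "198.51.100.20", "erin", "password_fail"),
    ("2024-01-10T03:00:00", "203.0.113.7", "bob", "mfa_push_denied"),
    ("2024-01-10T03:00:30", "203.0.113.7", "bob", "mfa_push_denied"),
    ("2024-01-10T03:01:00", "203.0.113.7", "bob", "mfa_push_denied"),
    ("2024-01-10T03:01:30", "203.0.113.7", "bob", "mfa_push_approved"),
    ("2024-01-10T09:00:00", "198.51.100.20", "frank", "mfa_push_denied"),
    ("2024-01-10T09:00:20", "198.51.100.20", "frank", "mfa_push_approved"),
]
# Assumed thresholds; tune them against your own baseline of normal logins.
SPRAY_MIN_USERS, PUSH_MIN_DENIED, WINDOW = 4, 3, timedelta(minutes=10)

def parse(events):
    return sorted((datetime.fromisoformat(t), ip, u, k) for t, ip, u, k in events)

def detect_password_spray(events):
    """Source IPs with failed passwords for >= SPRAY_MIN_USERS distinct users in WINDOW."""
    fails = defaultdict(list)
    for ts, ip, user, kind in parse(events):
        if kind == "password_fail":
            fails[ip].append((ts, user))
    hits = set()
    for ip, rows in fails.items():
        for i, (start, _) in enumerate(rows):
            users = {u for ts, u in rows[i:] if ts - start <= WINDOW}
            if len(users) >= SPRAY_MIN_USERS:
                hits.add(ip)
    return hits

def detect_push_bombing(events):
    """Users who approved a push after >= PUSH_MIN_DENIED denied pushes in WINDOW."""
    denied, hits = defaultdict(list), set()
    for ts, _ip, user, kind in parse(events):
        if kind == "mfa_push_denied":
            denied[user].append(ts)
        elif kind == "mfa_push_approved":
            if sum(ts - t <= WINDOW for t in denied[user]) >= PUSH_MIN_DENIED:
                hits.add(user)
            denied[user].clear()
    return hits
```

On the sample data, the spray check returns the single source that failed against four accounts, and the push check returns only the user who approved after three denials; the single mistyped password and the one-off denied push are not flagged.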