Iranian Cybercriminals on the Lookout for Data Stolen from US Companies, FBI Says
The Iran-based Threat Actors Are Interested in Purchasing Stolen Info from Orgs Worldwide.
Earlier this week, the Federal Bureau of Investigation (FBI) issued a warning to its private-sector partners about an Iranian cybercriminal's attempts to purchase stolen data belonging to US and international companies.
The federal law enforcement agency stated that the attackers will probably use stolen material such as email messages and network information, bought on clear-web and dark-web marketplaces, to compromise the systems of the organizations the data came from.
Watch Out, US Organizations!
They further said that American companies whose information has been stolen and published online in the past should expect to be targeted in future attacks conducted by this as-yet-unidentified Iranian threat actor.
At-risk companies are advised to take preventive measures against cyberattacks by securing their Remote Desktop Protocol (RDP) servers, web application firewalls, and Kentico CMS installations, all of which have been targeted by this particular threat actor.
Among the Tactics, Techniques, and Procedures (TTPs) this cybercriminal has employed in attacks since May 2021, the FBI notes the use of auto-exploiter tools to compromise WordPress websites and install web shells, as well as breaking into RDP servers and using them to gain a foothold in targets' networks.
According to BleepingComputer, this hacker is also trying to breach supervisory control and data acquisition (SCADA) systems using common default passwords.
As explained by the FBI, the use of website pentesting tools and vulnerability scanners such as Acunetix and SQLmap to identify vulnerable servers links this activity to past campaigns orchestrated by an Iranian state-backed hacking organization.
In a private industry notification released last week, the FBI's Cyber Division also reported that ransomware groups had breached the networks of several tribal-owned casinos, taking their servers offline and crippling associated systems.
The agency also warned the public that criminals are increasingly exploiting cryptocurrency ATMs and QR codes to defraud people, making it more difficult for law enforcement to recover victims' stolen money.