Hackers backed by Iran are targeting US critical infrastructure, US warns

Dan Goodin

from Ars Technica - All content on 2021-11-17 22:02 (#5S1JT)

Enlarge / Illustration set of flags made from binary code targets. (credit: Getty Images)

Organizations responsible for critical infrastructure in the US are in the crosshairs of Iranian government hackers, who are exploiting known vulnerabilities in enterprise products from Microsoft and Fortinet, government officials from the US, UK, and Australia warned on Wednesday.

A joint advisory published Wednesday said an advanced-persistent-threat hacking group aligned with the Iranian government is exploiting vulnerabilities in Microsoft Exchange and Fortinet's FortiOS, which forms the basis for the latter company's security offerings. All of the identified vulnerabilities have been patched, but not everyone who uses the products has installed the updates. The advisory was released by the FBI, US Cybersecurity and Infrastructure Security Agency, the UK's National Cyber Security Center, and the Australian Cyber Security Center.

A broad range of targets

The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations," the advisory stated. FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors. These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion."

Read 13 remaining paragraphs | Comments

index?i=2oAob2F-hDs:lqlW-zy4ly8:V_sGLiPB

index?i=2oAob2F-hDs:lqlW-zy4ly8:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/