HPE says hackers breached Aruba Central using stolen access key
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
Telnyx is the latest VoIP provider hit with DDoS attacks
NUCLEUS:13 TCP security bugs impact critical healthcare devices
Windows 10 App Installer abused in BazarLoader malware attacks
BotenaGo botnet targets millions of IoT devices with 33 exploits
How to fix the Windows 0x0000007c network printing error
AMD fixes dozens of Windows 10 graphics driver security bugs
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
The Federal Bureau of Investigation (FBI) warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.
The warning came in a private industry notification (PIN) marked as TLP:AMBER, seen by BleepingComputer earlier this week.
According to the FBI, the threat actor will likely use the leaked data (e.g., emails and network info) bought from clear and dark web sources to breach the systems of related organizations.
The FBI says that US organizations that had data stolen and leaked online before should expect to be targeted in future attacks coordinated by this unnamed Iranian threat actor.
Orgs at risk are advised to take mitigation measures to block hacking attempts by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations targeted by this adversary.
Among the Tactics, Techniques, and Procedures (TTPs) used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims’ networks.
This threat actor is also attempting to breach supervisory control and data acquisition (SCADA) systems with the help of common default passwords, according to the FBI.
While the FBI did name the Iranian threat actor in the PIN, the use of site pentest tools and vulnerability scanners such as Acunetix and SQLmap to find insecure servers links it to previous campaigns coordinated by Iranian state-backed hacking group.
For instance, another unnamed Iranian hacking group used similar tools to steal voter registration data from state election sites between September and October 2020.
That voter info was later used to impersonate the far-right Proud Boys organization and send threatening emails to Democratic voters warning that they must vote for Trump or face the consequences.
The FBI’s Cyber Division also warned in a private industry notification issued last week that ransomware gangs have compromised the networks of several tribal-owned casinos, taking down their servers and disabling connected systems.
The same week, the federal agency also alerted the public that criminals are increasingly using cryptocurrency ATMs and QR codes for fraud, making it harder for law enforcement to recover the victims’ financial losses.
Microsoft: Iran-linked hackers target US defense tech companies
FBI: Ransomware targets companies during mergers and acquisitions
FBI: Ranzy Locker ransomware hit at least 30 US companies this year
FBI warns of fake govt sites used to steal financial, personal data
US government discloses more ransomware attacks on water plants
Not a member yet? Register Now
Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.