Iranian government-sponsored APT actors are exploiting known Fortinet and Microsoft Exchange vulnerabilities to gain initial access to a broad range of targeted entities and to conduct follow-on malicious activity, including ransom operations. The authoring agencies now judge that these actors are an APT group affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC).
ADVERSARY: IRGC
INDUSTRY: Critical Infrastructure
ATT&CK IDs: T1021 - Remote Services, T1036 - Masquerading, T1547 - Boot or Logon Autostart Execution, T1056 - Input Capture, T1059 - Command and Scripting Interpreter, T1087 - Account Discovery, T1068 - Exploitation for Privilege Escalation, T1495 - Firmware Corruption, T1053 - Scheduled Task/Job, T1136 - Create Account, T1190 - Exploit Public-Facing Application, T1486 - Data Encrypted for Impact, T1560 - Archive Collected Data, T1588 - Obtain Capabilities
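The persistence techniques listed above (T1136 Create Account, T1053 Scheduled Task/Job, T1036 Masquerading) leave a recognisable trail in the Windows Security log. The following hunt is an added example, not code from the advisory or its authoring agencies: it correlates a local account creation (Event ID 4720) with a scheduled task created on the same host shortly afterwards (Event ID 4698) and flags task actions that run a system-looking binary name from an untrusted directory. The sample records, host names, account names, task names and file paths are constructed for illustration; the flattened field names and the 30-minute window are assumptions to adapt to your own log export.

```python
from datetime import datetime, timedelta

# Correlation window between account creation and scheduled-task creation on one host (assumed).
WINDOW = timedelta(minutes=30)

# Directories from which a scheduled-task action is normally expected to run (lower-case).
TRUSTED_PREFIXES = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Binary names commonly reused for masquerading (T1036) when dropped outside their usual path.
SYSTEM_LOOKING_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "dllhost.exe", "explorer.exe"}

# Constructed sample records (not real telemetry). Fields are a flattened subset of what
# Security events 4720 (user account created) and 4698 (scheduled task created) carry;
# "action" stands in for the <Command> element inside the TaskContent XML of 4698.
SAMPLE_EVENTS = [
    {"time": "2021-11-10T03:12:05", "host": "EXCH01", "id": 4720,
     "subject": "NT AUTHORITY\\SYSTEM", "account": "DefaultAccount2"},
    {"time": "2021-11-10T03:14:40", "host": "EXCH01", "id": 4698,
     "subject": "EXCH01\\DefaultAccount2", "task": "\\Microsoft\\Windows\\SyncUpdate",
     "action": "C:\\Users\\Public\\Libraries\\svchost.exe"},
    {"time": "2021-11-10T09:00:00", "host": "FS02", "id": 4698,
     "subject": "CORP\\backup-svc", "task": "\\NightlyBackup",
     "action": "C:\\Program Files\\Backup\\backup.exe"},
    {"time": "2021-11-10T11:05:00", "host": "WS17", "id": 4720,
     "subject": "CORP\\helpdesk", "account": "jdoe"},
    {"time": "2021-11-10T15:00:00", "host": "WS17", "id": 4698,
     "subject": "CORP\\jdoe", "task": "\\OneDriveSync",
     "action": "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe"},
]


def parse_time(value):
    """Parse the ISO-8601 timestamp used in the sample records."""
    return datetime.fromisoformat(value)


def is_masquerading(action):
    """True when a system-looking binary name runs from outside the trusted directories (T1036)."""
    path = action.lower()
    name = path.rsplit("\\", 1)[-1]
    return name in SYSTEM_LOOKING_NAMES and not path.startswith(TRUSTED_PREFIXES)


def hunt(events, window=WINDOW):
    """Return one finding per (4720, 4698) pair on the same host where the task was
    created within `window` after the account; each finding lists the techniques matched."""
    creations = [e for e in events if e["id"] == 4720]
    tasks = [e for e in events if e["id"] == 4698]
    findings = []
    for c in creations:
        t0 = parse_time(c["time"])
        for t in tasks:
            if t["host"] != c["host"]:
                continue
            delta = parse_time(t["time"]) - t0
            if not (timedelta(0) <= delta <= window):
                continue
            techniques = ["T1136", "T1053"]
            if is_masquerading(t["action"]):
                techniques.append("T1036")
            # Extra signal: the task was created by the account that had just been created.
            creator = t["subject"].rsplit("\\", 1)[-1].lower()
            findings.append({
                "host": c["host"],
                "account": c["account"],
                "task": t["task"],
                "action": t["action"],
                "minutes_after_creation": round(delta.total_seconds() / 60, 1),
                "created_by_new_account": creator == c["account"].lower(),
                "techniques": techniques,
            })
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

On the constructed sample only EXCH01 is reported: the account and task are two and a half minutes apart, the task was registered by the new account, and its action is a `svchost.exe` living under `C:\Users\Public`. The FS02 task has no preceding account creation and the WS17 pair falls outside the window, so neither is flagged; tune the window and the trusted-directory list to your environment before running this against a real export.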