The United States and the United Kingdom have attributed to Iran multiple recent cyberattacks that capitalized on security flaws in Microsoft and Fortinet products.
US, UK Blame Iran for Microsoft, Fortinet Cyberattacks
The cybersecurity authorities of the US, the UK, and Australia have noticed that Iran-hosted attacks are targeting existing security vulnerabilities, such as CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812.
The Federal Bureau of Investigation (FBI), along with the US Cybersecurity and Infrastructure Security Agency (CISA), has released a joint statement regarding the cyberattacks, noting that an Iranian government-sponsored group was behind them.
To be precise, the FBI and CISA noticed that the APT group was behind multiple attacks that have targeted the Microsoft Exchange ProxyShell vulnerabilities since October, and that it has also gone after vulnerabilities in Fortinet products since March.
The joint statement from the US cybersecurity authorities further noted that the Australian Cyber Security Centre (ACSC) "is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia."
Iran-led Cyberattacks on Microsoft, Fortinet
The authorities' warning about the cyberattacks allegedly carried out by Iran further exposed the scheme.
Instead of going after certain individuals or groups, the hackers focused on the existing vulnerabilities in both Microsoft and Fortinet products.
After that, the attackers' next move could be a ransomware attack, data exfiltration, or even extortion.
The security flaws these hackers exploit give them admin access to their victims' devices. In turn, they could turn on a service known as BitLocker, which encrypts all of the victims' files.
Then, the attackers will ask for a hefty ransom to give back all of the encrypted files.
In July, the authorities included the Fortinet security flaw in the top 30 exploited vulnerabilities.
Microsoft Security Flaws
Microsoft, for its part, has been aware that Iranian groups are targeting vulnerabilities in its software.
The tech giant issued a warning on Nov. 17 regarding six Iran-based hacking groups that specifically exploit the Exchange ProxyShell security issue.
On top of that, ZDNet noted in the same report that the flaw in Microsoft Exchange was previously exploited by hackers backed by China.
This article is owned by Tech Times
Written by Teejay Boris