Iranian hackers blamed for Fortinet and Microsoft Exchange hacks

Exploited vulnerabilities have already been patched, so update now


In a joint advisory, top cybersecurity authorities from the US, UK, and Australia have pointed fingers at Iran-backed threat actors for ongoing attacks that exploit multiple Microsoft Exchange and Fortinet vulnerabilities.

According to the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC), the threat actors have been using Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021.

The agencies claim that the attackers exploit the bugs, namely CVE-2021-34473, CVE-2020-12812, CVE-2019-5591, and CVE-2018-13379, to gain a foothold in the network, which they then use for various malicious operations, including exfiltrating sensitive data and deploying ransomware.


Firing indiscriminately

Commenting on the activities of the threat actors, the agencies believe that the group focuses its efforts on exploiting known vulnerabilities rather than targeting specific sectors.

“The Iranian government-sponsored APT [advanced persistent threat] actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations,” the agencies note in the joint advisory.

The advisory highlights some of the group’s recent activities, and suggests that they may establish persistence in compromised networks by creating new user accounts on domain controllers, servers, workstations, and in Active Directory.
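The persistence technique described above leaves a trail that defenders can look for: every new account on a Windows host generates Security event 4720 ("A user account was created"), and adding it to a privileged local group generates event 4732. The script below is an added example, not part of the article or the advisory, that runs a few simple checks over constructed log lines in a simplified one-line export format (an assumption made here; real exports from Windows Event Forwarding or a SIEM will have a different shape). It flags accounts created on domain controllers, creations outside an assumed business-hours window, new accounts that are immediately elevated, and accounts created by a subject that is itself a freshly created account, the chaining pattern that matters most when attackers use one planted account to make the next.

```python
import re

# Constructed sample Windows Security log lines (not real data).
# Event 4720 = "A user account was created"; 4732 = member added to a
# security-enabled local group; 4624 = logon (ignored here).
# The one-line key=value export format is an assumption for this example.
SAMPLE_EVENTS = """\
2021-10-12T03:14:07Z host=DC01 role=domain_controller event_id=4720 target=svc_backup2 subject=Administrator
2021-10-12T03:14:09Z host=DC01 role=domain_controller event_id=4732 target=svc_backup2 group=Administrators subject=Administrator
2021-10-12T09:02:41Z host=WS-217 role=workstation event_id=4720 target=jdoe subject=helpdesk
2021-10-12T11:22:00Z host=FILE01 role=server event_id=4624 target=jdoe subject=-
2021-10-13T02:58:13Z host=DC02 role=domain_controller event_id=4720 target=support_tmp subject=svc_backup2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_event(line):
    """Parse one constructed log line into a dict of fields; None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {"ts": m.group("ts")}
    for token in m.group("kv").split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def find_suspicious_account_creations(log_text, off_hours=(0, 6)):
    """Return a list of (account, host, reasons) findings.

    off_hours is an assumed [start, end) UTC hour window in which account
    creation is considered unusual for this (hypothetical) organisation.
    """
    events = [e for e in map(parse_event, log_text.splitlines()) if e]
    findings = []
    created = {}  # account name -> the 4720 event that created it

    for e in events:
        eid = e.get("event_id")
        if eid == "4720":
            reasons = []
            if e.get("role") == "domain_controller":
                reasons.append("account created on a domain controller")
            hour = int(e["ts"][11:13])  # hour field of an ISO-8601 timestamp
            if off_hours[0] <= hour < off_hours[1]:
                reasons.append("created outside business hours")
            if e.get("subject") in created:
                reasons.append("creator is itself a newly created account")
            created[e["target"]] = e
            if reasons:
                findings.append((e["target"], e["host"], reasons))
        elif eid == "4732" and e.get("target") in created:
            # A brand-new account being added to a group is worth a look
            # regardless of which host it happened on.
            findings.append(
                (e["target"], e["host"],
                 ["new account added to group %s" % e.get("group", "?")])
            )
    return findings


if __name__ == "__main__":
    for account, host, reasons in find_suspicious_account_creations(SAMPLE_EVENTS):
        print("%s on %s: %s" % (account, host, "; ".join(reasons)))
```

On the constructed sample this yields three findings (svc_backup2 created on DC01 at night, svc_backup2 then added to Administrators, and support_tmp created on DC02 by svc_backup2), while the daytime helpdesk-created workstation account jdoe is not flagged. The checks are deliberately coarse; in practice they would be tuned against a baseline of legitimate provisioning activity and correlated with the patch status of the Exchange and Fortinet hosts the advisory names.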

To mitigate the threat, the agencies advise admins to apply patches for the exploited vulnerabilities without delay. The advisory also walks admins through several steps for hardening their networks, such as mandating strong passwords and implementing multi-factor authentication (MFA).


With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
