Security News > 2021 > November > FBI warns of Iranian hackers looking to buy US orgs’ stolen data
The Federal Bureau of Investigation warned private industry partners of attempts by an Iranian threat actor to buy stolen information regarding US and worldwide organizations.
According to the FBI, the threat actor will likely use the leaked data bought from clear and dark web sources to breach the systems of related organizations.
The FBI says that US organizations that had data stolen and leaked online before should expect to be targeted in future attacks coordinated by this unnamed Iranian threat actor.
Among the Tactics, Techniques, and Procedures used in attacks by this threat actor since May 2021, the FBI mentions the use of auto-exploiter tools used to compromise WordPress sites to deploy web shells, breaching RDP servers and using them to maintain access to victims' networks.
This threat actor is also attempting to breach supervisory control and data acquisition systems with the help of common default passwords, according to the FBI. While the FBI did name the Iranian threat actor in the PIN, the use of site pentest tools and vulnerability scanners such as Acunetix and SQLmap to find insecure servers links it to previous campaigns coordinated by Iranian state-backed hacking group.
Another unnamed Iranian hacking group used similar tools to steal voter registration data from state election sites between September and October 2020.
News URL
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- US indicts Snowflake hackers who extorted $2.5 million from 3 victims (source)
- Hacker gets 10 years in prison for extorting US healthcare provider (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Faraway Russian hackers breached US organization via Wi-Fi (source)
- US shares tips to block hackers behind recent telecom breaches (source)