Security News > 2021 > November > Microsoft warns of the evolution of six Iranian hacking groups
The Microsoft Threat Intelligence Center has presented an analysis of the evolution of several Iranian threat actors at the CyberWarCon 2021, and their findings show increasingly sophisticated attacks.
Since September 2020, Microsoft has been tracking six Iranian hacking groups deploying ransomware and exfiltrating data to cause disruption and destruction for victims.
Over time, these hacking groups have evolved into competent threat actors capable of conducting cyber-espionage, using multi-platform malware, disrupting operations with wipers and ransomware, carrying out phishing and password spraying attacks, and even setting up sophisticated supply chain operations.
All of these groups deploy ransomware to achieve their objectives and were deployed in waves, usually six to eight weeks apart.
This year, Microsoft observed the actors scanning for many vulnerabilities, including those targeting Fortinet FortiOS SSL VPN, Microsoft Exchange Servers vulnerable to ProxyShell, and more.
Microsoft has been tracking Iranian actors since almost a decade ago, and the tech giant has had some success in taking parts of their infrastructure offline.