Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware
Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks.
No less than six threat actors affiliated with the West Asian country have been discovered deploying ransomware to achieve their strategic objectives, researchers from Microsoft Threat Intelligence Center revealed, adding "These ransomware deployments were launched in waves every six to eight weeks on average."
Of note is a threat actor tracked as Phosphorus, which has been found scanning IP addresses on the internet for unpatched Fortinet FortiOS SSL VPN and on-premises Exchange Servers to gain initial access and persistence on vulnerable networks, before moving to deploy additional payloads that enable the actors to pivot to other machines and deploy ransomware.
A third trend is the use of password spray attacks against Office 365 tenants belonging to U.S., E.U., and Israeli defense technology companies, details of which Microsoft publicized last month while attributing the activity to an emerging threat cluster tracked as DEV-0343.
The hacker groups have also demonstrated the capability to adapt and shape-shift depending on their strategic goals and tradecraft, evolving into "more competent threat actors" proficient in disruption and information operations by conducting a spectrum of attacks, such as cyber espionage, phishing and password spraying attacks, employing mobile malware, wipers and ransomware, and even carrying out supply chain attacks.
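The password spraying mentioned in the two paragraphs above has a distinctive shape in sign-in telemetry: one source tries a single common password against many different accounts, so each account sees only one or two failures while the source as a whole touches dozens. The script below is an added detection example written for this page; it is not code from the article, from Microsoft, or from any of the groups it describes. It assumes a simplified, space-separated sign-in log (timestamp, source IP, user, result) with constructed sample lines, and the thresholds (30-minute window, at least five distinct accounts, at most two failures per account) are illustrative assumptions that a tenant would tune against its own baseline.

```python
"""Password-spray detection over sign-in logs (added example, not from the article).

Assumed log format: one event per line, "ISO8601-timestamp source-ip user RESULT",
where RESULT is FAIL or SUCCESS. Real Azure AD / Office 365 sign-in logs carry many
more fields, but the aggregation below (per source IP, sliding time window,
distinct accounts vs. failures per account) is the same.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). 203.0.113.7 sprays one password across
# six accounts and lands a success on a seventh; 198.51.100.9 hammers one account
# (brute force, not spray); 192.0.2.44 is a normal login.
SAMPLE_LOG = """\
2021-11-17T08:00:01Z 203.0.113.7 alice@example.com FAIL
2021-11-17T08:00:03Z 203.0.113.7 bob@example.com FAIL
2021-11-17T08:00:05Z 203.0.113.7 carol@example.com FAIL
2021-11-17T08:00:07Z 203.0.113.7 dave@example.com FAIL
2021-11-17T08:00:09Z 203.0.113.7 erin@example.com FAIL
2021-11-17T08:00:11Z 203.0.113.7 frank@example.com FAIL
2021-11-17T08:00:13Z 203.0.113.7 grace@example.com SUCCESS
2021-11-17T08:01:00Z 198.51.100.9 alice@example.com FAIL
2021-11-17T08:01:05Z 198.51.100.9 alice@example.com FAIL
2021-11-17T08:01:10Z 198.51.100.9 alice@example.com FAIL
2021-11-17T08:01:15Z 198.51.100.9 alice@example.com FAIL
2021-11-17T09:30:00Z 192.0.2.44 bob@example.com SUCCESS
"""


def parse_log(text):
    """Parse the assumed log format into (timestamp, ip, user, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "SUCCESS"))
    return events


def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source_ip: finding} for sources whose failures fit the spray pattern.

    Spray signature: within `window`, at least `min_accounts` distinct accounts
    failed from this IP, and no single account failed more than `max_per_account`
    times. Any successful sign-in from the same IP inside a qualifying window is
    reported as a likely compromised account (thresholds are assumptions).
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, evs in sorted(by_ip.items()):
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start so evs[start..end] spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            failures = defaultdict(int)
            successes = set()
            for _, user, ok in evs[start:end + 1]:
                if ok:
                    successes.add(user)
                else:
                    failures[user] += 1
            if len(failures) >= min_accounts and max(failures.values()) <= max_per_account:
                f = findings.setdefault(
                    ip, {"first_seen": evs[start][0], "accounts_tried": 0, "compromised": set()}
                )
                f["accounts_tried"] = max(f["accounts_tried"], len(failures))
                f["compromised"] |= successes

    # Make the result deterministic and JSON-friendly.
    for f in findings.values():
        f["compromised"] = sorted(f["compromised"])
    return findings


if __name__ == "__main__":
    for ip, f in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(f"spray from {ip}: {f['accounts_tried']} accounts since {f['first_seen']}, "
              f"successes: {f['compromised'] or 'none'}")
```

The brute-force source (many failures against one account) is deliberately not flagged here: it is caught by ordinary per-account lockout logic, whereas a spray stays under that lockout by design, which is why the detection has to pivot on the source rather than the account. In production the same query belongs in the SIEM over the tenant's sign-in logs, with the success-after-spray case routed as a high-priority alert.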
"These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion," the agencies said in a joint bulletin published Wednesday.
News URL
https://thehackernews.com/2021/11/microsoft-warns-about-6-iranian-hacking.html
Related news
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
- Microsoft says more ransomware stopped before reaching encryption
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards
- Microsoft announces Zero Day Quest hacking event with big rewards