jnrseek.blogg.se

VMware Horizon servers under by Iranian












The United States government, in partnership with cyber authorities from Australia, Canada, and the U.K., has sanctioned 10 individuals and two entities associated with Iran's Islamic Revolutionary Guard Corps (IRGC) for their participation in malicious cyber activity, including ransomware. The group of threat actors has been observed exploiting known vulnerabilities in Fortinet FortiOS and Microsoft Exchange servers since early 2021 to gain access to a wide range of targeted entities. They have also been known to exploit VMware Horizon Log4j vulnerabilities.

The Cybersecurity and Infrastructure Security Agency (CISA) describes the IRGC's actions in the last few years:

  • "In December 2021, the actors exploited ProxyShell vulnerabilities (likely CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) on a Microsoft Exchange server to gain access to the network of a U.S. The actors used their access to move laterally within the network, encrypt network devices with BitLocker, and hold the decryption keys for ransom."
  • "In December 2021, the actors exploited ProxyShell vulnerabilities (likely CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207), on a Microsoft Exchange server to gain access to the network of a U.S. The actors used their access to move laterally within the network, encrypt network devices with BitLocker, and hold the decryption keys for ransom. This activity disrupted the transportation company's operations for an extended period."
  • "In February 2022, the actors exploited a Log4j vulnerability (likely CVE-2021-44228, CVE-2021-45046, and/or CVE-2021-45105) in a VMware Horizon application to gain access to the network of a U.S. municipal government, move laterally within the network, establish persistent access, initiate crypto-mining operations, and conduct additional malicious activity."
  • "In February 2022, the actors may have exploited a Log4j vulnerability (likely CVE-2021-44228, CVE-2021-45046, and/or CVE-2021) to gain access to the network of a U.S. The actors leveraged a server that the authoring agencies assess is associated with the IRGC-affiliated actors to exfiltrate data from the company's network."

Brian E. Nelson, Under Secretary for Terrorism and Financial Intelligence at the U.S. Department of the Treasury, discussed the sanctions:













