
Iranian State-Sponsored APT Exploiting Fortinet FortiOS and Exchange ProxyShell Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the UK National Cyber Security Centre (NCSC) released a joint advisory this morning warning that an Iranian government-sponsored APT group is systematically exploiting known vulnerabilities in Fortinet FortiOS and the Microsoft Exchange ProxyShell vulnerability chain. Targeted organizations include a wide range of US critical infrastructure sectors, including transportation and healthcare. The following vulnerabilities are being exploited:

Analyst Notes

Recommended mitigations include immediately patching the affected software, enforcing data backup and restoration procedures, and securing accounts with multi-factor authentication (MFA) to slow privilege escalation and lateral movement. Even where these specific vulnerabilities have been patched, APT groups have the resources to research zero-day exploits and other tactics to breach an otherwise secure network perimeter. A defense-in-depth strategy that includes Managed Detection and Response (MDR) and post-exploitation threat hunting is necessary to mitigate risk in the modern threat environment.

https://thehackernews.com/2021/11/us-uk-and-australia-warn-of-iranian.html

https://us-cert.cisa.gov/ncas/alerts/aa21-321a