News

US Department of Homeland Security warned that Iranian hackers destroy data

Photo of Daniel Zimmermann Daniel ZimmermannJune 26, 2019
0 98 1 minute read

US Cybersecurity Division (Cybersecurity and Infrastructure Security Agency, CISA), belonging to the US Department of Homeland Security, warned of increased activity from Iranian hackers and called on US companies to take protective measures.

According to CBS News, a warning was issued after escalating tensions between US and Iran, during which Iranian hackers intensified attacks against US companies.

“In recent weeks, hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity”, — reported in CBS News.

CISA experts warned that arsenal of Iranian hackers most often consist of the following attack methods and types of compromising:

  • targeted fishing of all sorts;
  • credential stuffing – this term refers to situations when usernames and passwords are stolen from some sites and then used against others. In this case, attackers have a ready-made database of credentials (acquired on a darknet, collected on their own, and so on) and try to use this data to log in to any sites and services under the names of their victims;
  • password spraying – an attack in which various usernames are searched and attempted to be used with the same password (for example, 123456 or qwerty), hoping to detect a badly protected account;
  • wipers (wiper) – malware, focused not just on data theft, but their targeted destruction and sabotage.

It should be noted that Iranian APTs have been using vipers for a long time in their campaigns. For example, Malware Shamoon was discovered for the first time back in 2012 and was subsequently used to attack large oil and gas companies (Aramco, RasGas). In 2016 and 2018, the malware was still active and was used to attack oil and gas enterprises in Italy and the Middle East.

The situation at the moment does not cause much concern CISA, but forewarned is forearmed.

“It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software”, – also noted in CISA.

Source: https://www.cbsnews.com

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannJune 26, 2019
0 98 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

darknet marketplace in Germany

Student Who Ran One of the Largest Darknet Marketplaces in Germany Arrested

November 1, 2022
US Senator asks FBI to investigate FaceApp

US Senator asks FBI to investigate FaceApp

July 19, 2019

Teenager found a way to steal all macOS user passwords

February 7, 2019
WIBattack vulnerability in SIM cards

Experts first talked about WIBattack, a critical vulnerability in SIM cards

October 1, 2019

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button