Earlier this week, the Federal Bureau of Investigation (FBI) issued a warning for private business partners about an Iranian cybercriminal’s attempt to purchase stolen data belonging to the US and international companies.
The federal law enforcement agency stated that attackers will probably use stolen material such as email messages and network information purchased from clear and dark websites to compromise the systems of related organizations.
Watch Out, US Organizations!
They further said that American companies that have had information stolen and published online in the past should expect to be targeted in future attacks conducted by this unknown Iranian hacker.
Companies in danger are recommended to take preventive measures against cyberattacks by securing Remote Desktop Protocol (RDP) servers, Web Application Firewalls, and Kentico CMS installations that have been targeted by this particular threat actor.
Among the Tactics, Techniques, and Procedures (TTPs) employed by this cybercriminal in attacks since May 2021, the FBI notes the use of auto-exploiter tools used to compromise WordPress websites to install web shells, as well as hacking RDP servers and using them to secure access to targets’ network systems.
According to BleepingComputer, this hacker is also trying to breach supervisory control and data acquisition (SCADA) systems