Microsoft Exchange and Fortinet Vulnerabilities Exploited by Iranian APT

An APT assault generally involves a group of highly competent hackers with very specific targets and a “slow and steady” approach to planning and executing their crimes.
As Elena mentioned, APT (advanced persistent threat) refers to long-term, multi-staged hacks that are typically orchestrated by highly well-organized criminal networks or even nation-state groups. The term was first used to describe the groups responsible for these attacks, but it has now evolved to refer to the threat actors’ offensive strategies.

For months, a state-backed Iranian threat actor has been utilizing various CVEs to establish a foothold within networks before moving laterally and unleashing BitLocker ransomware, and other malicious tools including both critical Fortinet vulnerabilities and a Microsoft Exchange ProxyShell flaw.

The FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre all tracked the ongoing, hostile cyber assault, according to a joint advisory released by CISA on Wednesday (NCSC).

What Happened?

All security agencies have linked the attacks to an advanced persistent threat (APT) supported by the Iranian government (APT).

As reported by Threatpost, since March 2021, the Iranian APT has been abusing Fortinet vulnerabilities and a Microsoft Exchange ProxyShell

Read More: