Thousands of US organizations have fallen victim to espionage by the Iranian group APT33

Why did Iran need to collect intelligence from American companies?

The Microsoft Threat Intelligence team says that the Iranian hacker group APT33 has conducted large-scale attacks since February 2023, aimed at stealing passwords and sensitive information.

Microsoft has warned of a large-scale cyber threat coming from the Iranian hacker group APT33 (Peach Sandstorm, HOLMIUM, Refined Kitten). Since February 2023, the group has been conducting attacks on thousands of organizations in the United States and other countries. Hackers are particularly interested in the defense, satellite technology, and pharmaceutical sectors.

APT33 relies on password spraying, in which the attackers attempt to log in to many accounts using a single password or a short list of common passwords. This differs from a classic brute-force attack, which targets a single account and works through a large list of passwords. Spraying raises the attackers' overall chances of success while keeping the number of failures per account low enough to avoid triggering automatic account lockout.
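The distinction matters for defenders: per-account lockout catches brute force but not spraying, so detection has to pivot on the source rather than the account. The following detector is an added example written for this article, not Microsoft's or anyone else's code; the log format (timestamp, source IP, account, result) and all sample entries are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Constructed sample log (not from the article): "<ISO timestamp> <source IP> <account> <result>".
# 203.0.113.7 tries one password per account (spray); 198.51.100.9 hammers one account.
SAMPLE_LOG = """\
2023-09-14T10:00:01Z 203.0.113.7 alice FAIL
2023-09-14T10:00:04Z 203.0.113.7 bob FAIL
2023-09-14T10:00:07Z 203.0.113.7 carol FAIL
2023-09-14T10:00:10Z 203.0.113.7 dave FAIL
2023-09-14T10:00:13Z 203.0.113.7 erin FAIL
2023-09-14T10:00:16Z 203.0.113.7 frank SUCCESS
2023-09-14T10:01:00Z 198.51.100.9 admin FAIL
2023-09-14T10:01:01Z 198.51.100.9 admin FAIL
2023-09-14T10:01:02Z 198.51.100.9 admin FAIL
2023-09-14T10:01:03Z 198.51.100.9 admin FAIL
2023-09-14T10:01:04Z 198.51.100.9 admin FAIL
2023-09-14T10:05:00Z 192.0.2.5 grace FAIL
"""

def parse(line):
    """Split one log line into (timestamp, source IP, account, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), ip, user, result

def classify_sources(log, window=timedelta(minutes=30), min_accounts=5, lockout=5):
    """Return {source_ip: "spray" | "brute-force"} for suspicious sources.
    spray: >= min_accounts distinct accounts failed inside `window`, each below `lockout`
    (so per-account lockout never fires); brute-force: one account hits `lockout` failures."""
    fails = defaultdict(list)
    for line in log.strip().splitlines():
        ts, ip, user, result = parse(line)
        if result == "FAIL":
            fails[ip].append((ts, user))
    verdicts = {}
    for ip, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window so events[start:end+1] all fall within `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            per_account = Counter(user for _, user in events[start:end + 1])
            if max(per_account.values()) >= lockout:
                verdicts[ip] = "brute-force"
                break
            if len(per_account) >= min_accounts:
                verdicts[ip] = "spray"
                break
    return verdicts
```

In the sample, the spraying source is flagged after five distinct accounts even though no single account ever reaches the lockout threshold, and the SUCCESS that follows it is the event worth investigating first.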

The group also exploited vulnerabilities in unpatched Confluence and ManageEngine servers to break into victims' networks. Once inside, APT33 used the AzureHound and ROADtools frameworks to enumerate victims' Azure Active Directory tenants and extract data from their cloud environments. It also used compromised Azure credentials to create new subscriptions, or abused Azure Arc to manage devices inside the victims' networks.

Based on the profile of the targeted organizations and the observed activity, Microsoft's analysts concluded that the campaign is most likely intended to collect intelligence on behalf of Iran.

Iranian state-aligned hackers have carried out some of the most destructive cyberattacks of the past decade, wiping entire computer networks across the Middle East and the United States. We have also published a detailed analysis of Iran's hacking activity that explains the structure of these groups, their objectives and their capabilities.

More recently, the Iranian hacker group Black Reward, which has previously targeted the Iranian government, announced a new attack, this time against a financial app that millions of Iranians use for digital transactions.