Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
released on 2024-10-17 @ 09:13:56 AM
The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data potentially to sell on cybercriminal forums. It provides tactics, techniques, procedures, indicators of compromise, and mitigation recommendations to strengthen credential security and defend against such threats.