A recent investigation by FortiGuard revealed a sophisticated cyber intrusion targeting critical national infrastructure in the Middle East, attributed to an Iranian state-sponsored group. This long-term campaign employed advanced malware and techniques to maintain access and exploit vulnerabilities, posing a significant threat to national security.
Affected: Critical National Infrastructure (CNI) in the Middle East
Key points:
- The cyber intrusion has been active since May 2023, with a history of compromise dating back to May 2021.
- Attackers utilized stolen VPN credentials to gain access, deploying web shells and custom backdoors on victim servers.
- Novel malware tools, including HanifNet, HXLibrary, and NeoExpressRAT, were used to sustain the long-term intrusion.
- Adversaries leveraged loaders and proxy tools to navigate segmented networks, indicating intent to target sensitive operational technology systems.
- Although no OT disruption was confirmed, significant reconnaissance and credential harvesting were observed throughout the intrusion.
- Following initial containment, attackers escalated their efforts by introducing additional malware and regaining access through zero-day vulnerabilities and phishing attempts.
- The campaign highlights the ongoing risk posed by state-sponsored actors and the necessity for organizations to adopt robust security measures.
- Recommendations include enforcing multi-factor authentication, strengthening network segmentation, and implementing behavioral analytics for threat detection.
Read More: https://gbhackers.com/threat-actors-target-critical-national-infrastructure/