Iranian hackers installed a crypto miner on a federal agency’s network after exploiting an unpatched Log4Shell vulnerability on the VMware Horizon server to gain access. The threat actors moved laterally to the domain controller, compromised credentials and implanted reverse proxies on several hosts to maintain persistence.
The United States Department of Justice (DOJ) has indicted three Iranian hackers for a campaign of attacks dating back to 2020, with targets including critical infrastructure companies and government agencies.
Two Iranian hackers have been indicted for election interference, charged with stealing information from state voter rolls to personally target thousands of individual voters as well as members of Congress and campaign staffers.
Google has been issuing direct personal warnings to users who appear to have been targeted by a state-sponsored hacking group. The company has taken the unusual step of issuing a general public warning about an Iran-backed threat.
A set of documents obtained by Sky News, allegedly from the Iranian cyber command, details plans by Iran to cause advanced real-world damage with cyber attacks. Targets include retail fuel pumps and container ships.
Iranian hackers impersonated Munich Security Conference and Think 20 Summit organizers to target high-ranking diplomats and government officials for intelligence collection.
A six-year surveillance operation tied to state-sponsored Iranian hackers appears to have scooped up personal documents and tracked the phone location data of dissidents.