Cybersecurity agencies in the US, UK, Australia and Canada have warned that Iranian state-sponsored hackers are exploiting Log4j vulnerabilities in ransomware campaigns.
An alert published this week stated that Tehran's Islamic Revolutionary Guard Corps (IRGC) was behind a number of attacks exploiting VMware Horizon Log4j bugs on unprotected networks to enable disk encryption and data extortion.
These include February attacks against a US municipal government and an aerospace company which leveraged the original Log4Shell bug, CVE-2021-44228, as well as the related vulnerabilities CVE-2021-45046 and CVE-2021-45105.
This is in line with earlier IRGC campaigns that exploited ProxyShell vulnerabilities in Microsoft Exchange and zero-day flaws in Fortinet FortiOS products, the alert claimed.
“After gaining access to a network, the IRGC-affiliated actors likely determine a course of action based on their perceived value of the data. Depending on the perceived value, the actors may encrypt data for ransom and/or exfiltrate data,” it explained.
“The actors may sell the data or use the exfiltrated data in extortion operations or ‘double extortion’ ransom operations where a threat actor uses a combination of encryption and data theft to pressure targeted entities to pay ransom demands.”
If the state-backed actors are seeking to generate funds for the Islamic Republic through these efforts, it would mark a new phase in Iranian threat activity. Tehran has largely focused to date on cyber-espionage for geopolitical purposes and on attacks designed to disrupt physical and critical infrastructure, as in the recent campaign against Albania.
“Based on the latest intelligence across the Five Eyes, this advisory again underscores that organizations of all sizes continue to be targeted by capable and increasingly sophisticated adversaries,” argued Australian Cyber Security Centre head Abigail Bradshaw.
“It is absolutely critical that organizations strengthen their cyber-defenses by reviewing these protective measures and implementing them immediately. In particular, I urge organizations to patch their systems against a number of already known critical vulnerabilities.”
Also this week, the US indicted three Iranian nationals allegedly responsible for ransomware attacks against hundreds of small businesses, government agencies, non-profits and educational and religious institutions across the US, UK, Israel and even Iran.
At the same time, the US Treasury announced sanctions on 10 individuals and two entities linked to the IRGC, including the three men indicted by the Department of Justice (DoJ).