Iranian Hackers Have Been ‘Password-Spraying’ the US Grid (Jan 9, 2019)

The Iran-sponsored Advanced Persistent Threat (APT) group “APT33” has been working to exploit American electric and gas utilities, according to a report by security firm Dragos. Researchers at Dragos have observed APT33 carrying out password-spraying attacks against US utilities and oil and gas firms, guessing a set of common passwords across thousands of different accounts. APT33 appears to have been cooperating with another threat group, dubbed “Parasite” by Dragos, which was attempting to exploit vulnerabilities in the VPN software of the same US electric utilities and oil and gas firms. According to the research, the intrusion campaign ran throughout all of 2019 and continues as of this writing. Dragos has not commented on whether any activity by APT33 or Parasite has resulted in an actual breach.

Recommendation: It is crucial that your company has password policies in place that prevent password reuse across accounts and rule out passwords that can be easily brute-forced. Education is the best defense. Using secure and unique passwords for all online accounts is highly recommended.
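The spraying pattern described above (a few common passwords tried against many accounts) shows up in authentication logs as one source failing against many distinct accounts with only a handful of attempts per account. The Python below is an added example, not code from Dragos or the original article; the event format, thresholds, function names and sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def sample_failures():
    """Constructed failed-login events: (timestamp, source IP, account)."""
    t0 = datetime(2020, 1, 1, 8, 0, 0)
    events = []
    for i in range(12):   # spray-like: one guess against each of 12 accounts
        events.append((t0 + timedelta(seconds=40 * i), "203.0.113.10", f"user{i:02d}"))
    for i in range(15):   # repeated guesses against one account: not a spray
        events.append((t0 + timedelta(seconds=5 * i), "198.51.100.7", "admin"))
    for i in range(2):    # an ordinary user mistyping a password twice
        events.append((t0 + timedelta(seconds=30 * i), "192.0.2.5", "alice"))
    return events


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=10, max_per_account=3):
    """Return {source: summary} for sources whose failures within `window`
    touch at least `min_accounts` accounts, none more than `max_per_account` times."""
    by_source = defaultdict(list)
    for ts, source, account in sorted(events):
        by_source[source].append((ts, account))

    findings = {}
    for source, failures in by_source.items():
        start = 0
        for end, (ts, _) in enumerate(failures):
            while ts - failures[start][0] > window:   # slide the window forward
                start += 1
            per_account = Counter(acct for _, acct in failures[start:end + 1])
            if len(per_account) < min_accounts:
                continue   # too few distinct accounts to look like a spray
            if max(per_account.values()) > max_per_account:
                continue   # hammering one account is brute force, not a spray
            best = findings.get(source)
            if best is None or len(per_account) > best["accounts"]:
                findings[source] = {
                    "accounts": len(per_account),
                    "attempts": end - start + 1,
                    "first_seen": failures[start][0],
                    "last_seen": ts,
                }
    return findings
```

Grouping by source address alone misses a spray spread across many addresses, and the thresholds need tuning against an environment's normal failure rate.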

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.