Iranian threat actors targeting businesses and governments, CISA, Microsoft warn




Defenders should watch for an archive file named Network Security.zip, which includes an .exe with the Tickler malware, and for a Trojan dropper named sold.dll.
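Below is an added example of how a defender might hunt for those two file-name indicators on a mounted disk image or file share. It is not code from the original article or from Microsoft; it assumes only the names quoted above (an archive called Network Security.zip that carries an .exe, and a DLL called sold.dll). The sample directory tree it scans is constructed inline with placeholder bytes, and the member name "Network Security.exe" inside the archive is a hypothetical, since the article does not give the executable's name.

```python
import tempfile
import zipfile
from pathlib import Path

# Indicators quoted in the article: the archive name and the dropper DLL name.
ARCHIVE_NAME = "network security.zip"
DROPPER_NAME = "sold.dll"


def zip_exe_members(path: Path) -> list[str]:
    """Return the names of .exe members inside a ZIP, or [] if it is not a readable ZIP."""
    try:
        with zipfile.ZipFile(path) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".exe")]
    except (zipfile.BadZipFile, OSError):
        return []


def scan_for_tickler_indicators(root: Path) -> list[tuple[str, str]]:
    """Walk `root` and return (path, reason) pairs for files matching the indicators."""
    findings = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        name = p.name.lower()
        if name == DROPPER_NAME:
            findings.append((str(p), "dropper DLL name matches sold.dll"))
        elif name == ARCHIVE_NAME:
            exes = zip_exe_members(p)
            if exes:
                findings.append((str(p), f"Network Security.zip containing executables: {exes}"))
            else:
                findings.append((str(p), "Network Security.zip (no .exe inside; review anyway)"))
        elif name.endswith(".zip"):
            # Broader hunt: any archive that bundles an .exe is worth a second look.
            exes = zip_exe_members(p)
            if exes:
                findings.append((str(p), f"archive bundles executables: {exes}"))
    return sorted(findings)


def build_sample_tree(root: Path) -> None:
    """Create a constructed sample tree (placeholder bytes, not real malware) to exercise the scanner."""
    downloads = root / "Users" / "alice" / "Downloads"
    downloads.mkdir(parents=True)
    # Constructed: the archive name from the report; the .exe member name is hypothetical.
    with zipfile.ZipFile(downloads / "Network Security.zip", "w") as zf:
        zf.writestr("Network Security.exe", b"MZ placeholder, not a real binary")
    # Constructed: a benign archive with no executables, which must not be flagged.
    with zipfile.ZipFile(downloads / "photos.zip", "w") as zf:
        zf.writestr("holiday.jpg", b"\xff\xd8 placeholder")
    # Constructed: the dropper file name from the report, dropped in a temp directory.
    temp = root / "Windows" / "Temp"
    temp.mkdir(parents=True)
    (temp / "sold.dll").write_bytes(b"MZ placeholder, not a real binary")


def demo() -> list[tuple[str, str]]:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_tree(root)
        return scan_for_tickler_indicators(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Point `scan_for_tickler_indicators` at a mounted image or a share root to run it against real data; file-name matches are a weak signal on their own, so treat a hit as a lead for triage (hash the file, check its origin in Teams or browser download logs) rather than a verdict.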

Here’s another example of Peach Sandstorm tactics detailed by Microsoft: After hacking into a European defense organization, the group moved laterally using the Windows SMB (Server Message Block) protocol. This protocol, which is used for sharing files, printers, and other resources on a network, has been misused by many threat actors. Microsoft has published guidance for network admins on hardening SMB so that it cannot be used as a lateral-movement channel.

In another attack, against a Middle East-based satellite operator, Peach Sandstorm compromised a user with a malicious ZIP file delivered via a Microsoft Teams message, then dropped Active Directory (AD) Explorer and took an AD snapshot. An AD snapshot is a read-only, point-in-time copy of the AD database and related files, which administrators use for legitimate tasks such as comparing directory state over time. An attacker can use the same snapshot to enumerate users, groups, and trust relationships offline, without generating further queries against the domain controllers that might be noticed.




