CyberSecurity news

@ciso2ciso.com //


References:
  • Threats | CyberScoop: Iranian hackers are going after critical infrastructure sector passwords, agencies caution
  • www.cisa.gov: This CISA advisory provides details about the Iranian cyber actors' activities, including their tactics, techniques, and procedures.
  • www.bleepingcomputer.com: US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers
  • malware.news: US charges 2 with running 'Anonymous Sudan' hacking group
  • www.nextgov.com: US charges 2 with running 'Anonymous Sudan' hacking group
  • social.skynetcloud.site: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
  • Alerts: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
  • cysec.social: Cysec social media post on US disrupting Anonymous Sudan DDoS operation.
  • cysec.social: Tweet from vxunderground mentioning the arrest of USDoD and the crack down on cybercrime.
  • malware.news: Charges unveiled in ongoing effort to de-anonymise DDoS group Anonymous Sudan
  • infosec.exchange: NSA, in collaboration with FBI, CISA, CSE Canada, AFP and ASD’s ACSC, has released an advisory report on Iranian cyber actors’ use of brute force and other techniques to compromise organizations across multiple critical infrastructure sectors.
  • industrialcyber.co: Iranian hackers use brute force, credential access activity to target critical infrastructure organizations
  • securityonline.info: FBI, CISA, NSA Warn of Iranian Cyberattacks on Critical Infrastructure
  • malware.news: Sudanese Brothers Arrested in ‘AnonSudan’ Takedown
  • www.crowdstrike.com: The security firm CrowdStrike assessed that the success of AnonSudan’s DDoS attacks stemmed from a combination of factors, including sophisticated techniques for bypassing DDoS mitigation services.
  • ciso2ciso.com: Iranian Hackers Using Brute Force on Critical Infrastructure – Source: www.govinfosecurity.com
  • infosec.exchange: CISA, FBI, NSA, and International Partners Release Advisory on Iranian Cyber Actors Targeting Critical Infrastructure Organizations Using Brute Force
  • malware.news: US, allies warn of Iranian brute-force attacks against critical infrastructure
  • www.scworld.com: US, allies warn of Iranian brute-force attacks against critical infrastructure
  • cyberinsider.com: Cyber Insider article on Anonymous Sudan hackers being indicted and their DDoS tools being seized
  • malware.news: Malware.news post on Anonymous Sudan leaders being indicted
  • www.scworld.com: SC World brief on the disruption of Anonymous Sudan DDoS operation
  • ciso2ciso.com: US Charges Anonymous Sudan Members in DDoS Cybercrime Case – Source: www.infosecurity-magazine.com
  • krebsonsecurity.com: This article provides a detailed account of the Anonymous Sudan takedown.
  • infosec.exchange: This post from infosec.exchange mentions the CISA advisory warning about Iranian brute force attacks.
  • www.bleepingcomputer.com: Iranian hackers act as brokers selling critical infrastructure access
  • Threats | CyberScoop: This news article reports on the indictment of two Sudanese nationals for their alleged leadership roles in Anonymous Sudan.
  • cysec.social: Cysec social post about Iranian hacking activities.
  • industrialcyber.co: Industrial Cyber - Microsoft Reports Rising Cyberattacks on Critical Infrastructure, Blurred Lines Between State and Criminal Actors, Need for Deterrents
  • infosec.exchange: Infosec Exchange - Microsoft reports rising cyberattacks on critical infrastructure, blurred lines between state and criminal actors, need for deterrents
  • securityaffairs.com: SecurityAffairs.com's original news report on the indictment of the Anonymous Sudan members.
  • social.skynetcloud.site: Jos1264's tweet referencing the Anonymous Sudan indictment, linking to CISO2CISO's article.
  • infosec.exchange: Iranian hackers use brute force, credential access activity to target critical infrastructure organizations
  • ciso2ciso.com: CISO2CISO’s article reporting on the Iranian hackers’ MFA push-bombing attack, highlighting the targeted systems and the potential impact.
  • hackread.com: This article from Hackread covers the Iranian hackers' MFA push bombing attacks targeting Microsoft 365, Azure, and Citrix Systems.
  • social.skynetcloud.site: A social media post from Skynet Cloud mentioning the Iranian hackers’ MFA push-bombing attack.
  • infosec.exchange: Two Sudanese men accused of being the brains behind the hacktivist group have been arrested by the US government.
  • thehackernews.com: The US Department of Justice (DOJ) announced that it has charged two Sudanese brothers with leading a prolific hacking group, Anonymous Sudan, which launched attacks against governments, businesses, and individuals.
  • cyble.com: Iranian Hackers Target Critical Infrastructure
  • flashpoint.io: An unsealed federal grand jury indictment charges two Sudanese nationals with operating and controlling Anonymous Sudan, an online cybercriminal group responsible for tens of thousands of Distributed Denial of Service (DDoS) attacks against critical infrastructure, corporate networks, and government agencies.
  • securityaffairs.com: U.S. and allies warn of attacks from Iran-linked actors targeting critical infrastructure through brute-force attacks in a year-long campaign.
Classification:
  • HashTags:
  • Company: Microsoft, Citrix
  • Target: Microsoft 365, Azure, Citrix Systems Users
  • Attacker: Iranian Hackers
  • Product: Microsoft 365, Azure, Citrix Systems
  • Feature: MFA
  • Type: Hack
  • Severity: Medium