Iranian Hackers Target Critical Infrastructure in Global Cyber Espionage Campaign
Cybersecurity specialists from the United States, Australia, and Canada have issued a warning regarding the activities of Iranian hackers targeting critical infrastructure organizations. The key sectors of interest to these malicious actors include healthcare, government, IT, engineering, and energy. Their objective is to gain access to company networks and gather detailed information about systems, which can later be sold on the black market.
Experts indicate that the hackers’ primary focus is not necessarily on causing immediate damage, but rather on obtaining network credentials, which can subsequently be resold. In cybersecurity, this practice is referred to as “initial access brokerage.” The Iranian hackers collect the data needed to facilitate access, while the actual attacks are carried out by their clients, whether cybercriminal groups or state-sponsored entities.
Among the most frequently used methods of attack are password spraying and “push bombing” tactics, where attackers send numerous multi-factor authentication requests in the hope that the victim will accidentally approve one. Once access is gained, the hackers explore the network, gathering information that will assist them in infiltrating other connected systems. The broader the access, the higher the price for selling it.
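As an added illustration (not taken from the advisory), the following Python example flags both patterns described above in authentication logs: one source failing passwords against many accounts, and a burst of MFA push prompts to a single user. The event names, thresholds, and sample log entries are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed correlation window
SPRAY_MIN_USERS, PUSH_MIN_PROMPTS = 4, 5  # assumed thresholds: accounts per source, prompts per user

# Constructed sample events (timestamp, source_ip, user, event); event names are assumptions.
EVENTS = [
    ("2024-01-01T02:00:05", "203.0.113.7", "alice", "password_fail"),
    ("2024-01-01T02:00:40", "203.0.113.7", "bob", "password_fail"),
    ("2024-01-01T02:01:15", "203.0.113.7", "carol", "password_fail"),
    ("2024-01-01T02:01:50", "203.0.113.7", "dave", "password_fail"),
    ("2024-01-01T02:02:30", "203.0.113.7", "erin", "mfa_push_denied"),
    ("2024-01-01T02:03:00", "203.0.113.7", "erin", "mfa_push_denied"),
    ("2024-01-01T02:03:30", "203.0.113.7", "erin", "mfa_push_timeout"),
    ("2024-01-01T02:04:00", "203.0.113.7", "erin", "mfa_push_denied"),
    ("2024-01-01T02:04:30", "203.0.113.7", "erin", "mfa_push_approved"),
    ("2024-01-01T09:00:00", "198.51.100.20", "frank", "password_fail"),
    ("2024-01-01T09:00:25", "198.51.100.20", "frank", "mfa_push_approved"),
]

def parse(events):
    return sorted((datetime.fromisoformat(t), ip, user, ev) for t, ip, user, ev in events)

def windows(rows):
    """For each time-sorted (ts, value) row, the values seen within WINDOW of that row."""
    return [[v for ts, v in rows[i:] if ts - rows[i][0] <= WINDOW] for i in range(len(rows))]

def detect_spray(events):
    """Source IPs with failed passwords for >= SPRAY_MIN_USERS distinct users inside WINDOW."""
    by_ip = defaultdict(list)
    for ts, ip, user, ev in parse(events):
        if ev == "password_fail":
            by_ip[ip].append((ts, user))
    return {ip for ip, rows in by_ip.items()
            if any(len(set(w)) >= SPRAY_MIN_USERS for w in windows(rows))}

def detect_push_bombing(events):
    """Users sent >= PUSH_MIN_PROMPTS MFA pushes inside WINDOW -> True if one was approved."""
    by_user = defaultdict(list)
    for ts, _ip, user, ev in parse(events):
        if ev.startswith("mfa_push_"):
            by_user[user].append((ts, ev))
    hits = {}
    for user, rows in by_user.items():
        flood = next((w for w in windows(rows) if len(w) >= PUSH_MIN_PROMPTS), None)
        if flood:
            hits[user] = "mfa_push_approved" in flood
    return hits
```

A user flagged with `True` approved a prompt during the burst, so that account's sessions and credentials are the ones to review first.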
A joint advisory from the FBI, CISA, NSA, the Canadian Centre for Cyber Security, the Australian Federal Police, and the Australian Cyber Security Centre provides organizations with a range of recommendations to protect against such attacks. However, the fundamental minimum requirement remains the use of strong passwords and the mandatory implementation of multi-factor authentication.