The Microsoft Threat Intelligence Center (MSTIC) has released a study on how Iranian hacking organisations have evolved over the last year. According to the research, the groups' use of tools, tactics, and procedures has become increasingly sophisticated.
According to Microsoft, six Iranian hacking organisations (DEV-0146, DEV-0227, DEV-0198, DEV-0500, Rubidium, and Phosphorus) have been spreading ransomware and stealing data since September 2020, and have grown into increasingly capable threat actors over time. The groups carry out cyber-espionage, phishing, and password-spraying attacks, and also use multi-platform malware, supply-chain attacks, and the distribution of wipers and ransomware. In some of these campaigns, DEV-0343 carried out large-scale password-spraying attacks against U.S. military technology businesses.
One recurring theme in these groups' attacks is a high level of patience and persistence. Phosphorus, Curium, and a Hamas-affiliated hacking outfit have all been linked to such efforts.
While some groups used social engineering to gain access to Office 365 accounts in a controlled manner, others used more aggressive approaches such as brute-force attacks. All of the groups employed ransomware to achieve their objectives, and they did so in waves, generally six to eight weeks apart.
With increased resources at their disposal, Iranian threat organisations are growing more adept and are adapting their tradecraft to their strategic aims. The organisations are now more capable than they have ever been, and they are carrying out more damaging activities. Sharing threat intelligence remains one of the most effective ways to stay secure and to identify such attacks.