Intelligence agencies in Australia, Canada, and the US warn about an Iran-backed campaign that uses brute force and other tactics to infiltrate critical infrastructure sectors such as healthcare, government, IT, engineering, and energy. The actors target victim networks with techniques including password spraying and MFA push bombing, and leverage RDP, Kerberos SPN, and Microsoft AD for lateral movement, privilege escalation, and credential gathering.

Recommendations include detecting impossible logins, unusual IP activity, and MFA registrations; reviewing password management and MFA settings; providing cybersecurity training; aligning password policies with NIST guidelines; and disabling RC4 for Kerberos authentication. Organizations including the FBI, NSA, CISA, CSE, AFP, and ACSC signed the joint advisory on October 16 to mitigate the threat.
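The sketch below shows how the two initial-access techniques named above, password spraying and MFA push bombing, can be flagged in authentication logs. It is an added example, not code from the advisory or the original page; the event layout, thresholds, and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (ts, kind, user, src_ip, result); not taken from the advisory.
EVENTS = (
    [(f"2025-01-15T02:0{i}:00", "login", u, "203.0.113.7", "fail")
     for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [(f"2025-01-15T09:00:{s}", "login", "frank", "198.51.100.20", "fail")
       for s in ("05", "20", "40")]          # one user mistyping a password
    + [(f"2025-01-15T02:1{i}:00", "mfa_push", "bob", "203.0.113.7", r)
       for i, r in enumerate(["deny"] * 5 + ["approve"])]
    + [("2025-01-15T08:30:00", "mfa_push", "carol", "192.0.2.44", "approve")]
)

WINDOW = timedelta(minutes=10)   # assumed thresholds; tune to your environment
SPRAY_MIN_USERS, SPRAY_MAX_PER_USER, PUSH_MIN_PROMPTS = 4, 2, 5

def _grouped(events, kind, key, value, result=None):
    """Group (time, value) pairs by key for one event kind, in time order."""
    out = defaultdict(list)
    for ts, k, user, ip, res in sorted(events):
        if k == kind and result in (None, res):
            row = {"user": user, "ip": ip, "result": res}
            out[row[key]].append((datetime.fromisoformat(ts), row[value]))
    return out

def _first_window(items, ok):
    """First run of items within WINDOW of its start that satisfies ok, else None."""
    for i, (start, _) in enumerate(items):
        run = [v for ts, v in items[i:] if ts - start <= WINDOW]
        if ok(run):
            return run
    return None

def detect_password_spray(events):
    """Source IPs failing against many accounts with few attempts per account."""
    def ok(users):
        c = Counter(users)
        return len(c) >= SPRAY_MIN_USERS and max(c.values()) <= SPRAY_MAX_PER_USER
    fails = _grouped(events, "login", "ip", "user", result="fail")
    return {ip: sorted(set(run)) for ip, items in fails.items()
            if (run := _first_window(items, ok))}

def detect_push_bombing(events):
    """Users sent a burst of MFA pushes; value is True if one was approved."""
    pushes = _grouped(events, "mfa_push", "user", "result")
    return {user: "approve" in run for user, items in pushes.items()
            if (run := _first_window(items, lambda r: len(r) >= PUSH_MIN_PROMPTS))}
```

A push burst that ends in an approval (value `True`) is the case to escalate first, since it suggests the user accepted a prompt they did not initiate.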

 Iranian hackers target critical infrastructure with brute force attacks