Iranian hackers have been increasingly using brute force techniques like password spraying and multifactor authentication 'push bombing' to target critical infrastructure sectors worldwide. A joint advisory by the U.S
Cybersecurity and Infrastructure Security Agency, FBI, NSA, and cyber authorities in Canada and Australia has warned about the threat posed by Iranian state-sponsored cyber actors. These threat actors are targeting various sectors, including healthcare, government, IT, engineering, and energy, to steal credentials and gain deeper system access. The advisory highlighted that Iranian actors have been selling stolen credentials on cybercriminal forums. Additionally, the hackers have become more sophisticated by targeting the satellite and defense sectors with password-spraying campaigns in recent years. The advisory also revealed that the Iranian threat actors are using a method called 'push bombing' to bombard users with mobile phone push notifications, aiming to trick victims into approving the requests or halting the notifications altogether. This aggressive tactic is causing 'MFA fatigue,' which can lead to further exploits. The advisory emphasized the importance of organizations monitoring suspicious logins and implementing stronger cybersecurity measures, such as disabling accounts for departing staff, using phishing-resistant MFA, and aligning password policies with the latest digital identity guidelines. https://www.bankinfosecurity.com/iranian-hackers-using-brute-force-on-critical-infrastructure-a-26542