MSTIC Identifies Iranian Threat Actors Targeting IT Sector
Industry: Information Technology | Level: Tactical | Source: Microsoft
A report from Microsoft Threat Intelligence Center (MSTIC) has identified an increase in Iranian threat actors targeting the IT sector, specifically service companies, as a means to access downstream customer networks. The report stated, "This activity is notable because targeting third parties has the potential to exploit more sensitive organizations by taking advantage of trust and access in a supply chain." The attacks have been identified as aimed at compromising organizations of interest to the Iranian regime. Microsoft observed the rise in attacks, which prompted more than 1,600 notifications to over 40 IT companies this year regarding Iranian targeting. By comparison, only 48 notifications were sent in 2020. Observed attacks include DEV-0228 compromising an IT provider in Israel in early July 2021, dumping credentials, and then pivoting over the next two months to compromise other organizations that have strong relations with the initially compromised IT company.
- Anvilogic Scenario: GhostShell Behavior
- Anvilogic Use Case: Remote Admin Tools