"US, UK Warn of Iranian Hackers Exploiting Microsoft Exchange, Fortinet"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the UK's National Cyber Security Centre (NCSC) issued a joint advisory warning of the ongoing exploitation of Microsoft Exchange ProxyShell and Fortinet vulnerabilities by an Iranian-backed hacking group. According to CISA, the Iranian government-sponsored Advanced Persistent Threat (APT) group has been observed exploiting Fortinet vulnerabilities since March 2021 and a Microsoft Exchange ProxyShell vulnerability since October 2021. The group exploited these vulnerabilities to gain initial access to systems before carrying out operations, including deploying ransomware. ACSC has also observed the APT group using the Microsoft Exchange vulnerability in Australia. The Iranian state hackers have targeted US critical infrastructure sectors such as transportation and healthcare, as well as Australian organizations, with the goal of gaining access to targets that could later be used for data exfiltration, ransomware deployment, and other malicious purposes. This article continues to discuss the information shared in the joint advisory pertaining to the Iranian-sponsored hacking group.

Bleeping Computer reports "US, UK Warn of Iranian Hackers Exploiting Microsoft Exchange, Fortinet"
