"FBI Warns of Hacker Attacks Conducted by Iranian Cyber Firm"

The FBI this week issued a private industry notification to warn organizations about the malicious activities conducted by an Iranian cyber company named Emennet Pasargad. The FBI noted that in addition to its election-focused operation, Emennet Pasargad conducted “traditional cyber exploitation activity,” targeting sectors such as news, shipping, travel, oil and petrochemical, telecoms, and financial. It targeted the United States, Europe, and the Middle East. The company leveraged various VPNs to hide its location and used several open-source and commercial tools in its operations, including SQLmap, Acunetix, DefenseCode, Wappalyzer, Dnsdumpster, Netsparker, wpscan, and Shodan. In the reconnaissance phase of its hacking operations, the company chose potential victims by searching the web for major organizations representing various sectors. It would then try to find vulnerabilities in their software for initial access. The FBI stated that in some instances, the objective may have been to exploit a large number of networks/websites in a particular sector as opposed to a specific organization target. In other situations, Emennet Pasargad would also attempt to identify hosting/shared hosting services. The company was also observed targeting popular content management systems such as WordPress and Drupal, as well as exposed databases. In many cases, it attempted to use default passwords to gain access to a targeted system.

 

SecurityWeek reports: "FBI Warns of Hacker Attacks Conducted by Iranian Cyber Firm"

Submitted by Anonymous on