Iranian hackers are going after critical infrastructure sector passwords, agencies caution | CyberScoop<\/title> <meta name=\"description\" content=\"An international advisory says that the purpose of the \u201cbrute force\u201d attacks is to sell the info to cybercrime forums.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Iranian hackers are going after critical infrastructure sector passwords, agencies caution\"> <meta property=\"og:description\" content=\"An international advisory says that the purpose of the \u201cbrute force\u201d attacks is to sell the info to cybercrime forums.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-10-16T17:59:35+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1256\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1728928671g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1729103471g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82166\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82166\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firanian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firanian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82166 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.678694158076\">\n<div class=\"single-article__header-content\" readability=\"30.411764705882\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> An international advisory says that the purpose of the \u201cbrute force\u201d attacks is to sell the info to cybercrime forums. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"419\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution.jpg?resize=640%2C419&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=300,196 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=768,502 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=1024,670 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=1536,1005 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=600,393 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=257,168 257w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=515,337 515w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=1032,675 1032w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-2.jpg?resize=1289,843 1289w\" sizes=\"(max-width: 1032px) 100vw, 1032px\"><figcaption> Bojanikus, iStock\/Getty Images Plus <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"23.76269982238\"><body readability=\"53.130786516854\"><\/p>\n<p>Iranian hackers are aggressively trying to crack passwords in the health care, government, information technology, energy and engineering sectors, <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-10\/aa24-290a-iranian-cyber-actors-conduct-brute-force-and-credential-access-activity.pdf\">an advisory<\/a> from U.S., Canadian and Australian cyber agencies said Wednesday.<\/p>\n<p>The \u201cbrute force\u201d attacks \u2014 which take a variety of forms \u2014 date to October of last year, according to the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Communications Security Establishment Canada, Australian Federal Police and the Australian Cyber Security Centre.<\/p>\n<p>While much of the recent attention on Iranian cyberattacks have focused on government-connected hackers <a href=\"https:\/\/cyberscoop.com\/iranians-charged-in-trump-campaign-hack\/\">targeting the U.S. elections<\/a>, the purpose of the activity that the advisory highlights seems more criminal in nature.<\/p>\n<p>\u201cThe authoring agencies assess the Iranian actors sell this information on cybercriminal forums to actors who may use the information to conduct additional malicious activity,\u201d the agencies wrote.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The tactics include lobbing a variety of common passwords at the targets, trial-and-error password attempts and multifactor authentication (MFA) \u201cpush bombing,\u201d which involves \u201cbombarding users with mobile phone push notifications until the user either approves the request by accident or stops the notifications,\u201d according to the advisory.<\/p>\n<p>The hackers conduct reconnaissance to determine potential victim identities, and then after gaining access, the hackers often register compromised devices with MFA to retain that access. They also then use their access to more deeply penetrate target systems, the agencies warned.<\/p>\n<p>Despite the hackers\u2019 use of MFA push bombing, the agencies recommend that critical infrastructure organizations enable MFA and use strong passwords as a defense against the Iranian hackers.<\/p>\n<p>Although the advisory is mum on whether the Iranian groups are connected to the government there, <a href=\"https:\/\/cyberscoop.com\/iran-cisa-fbi-ransomware-advisory\/\">another U.S. intelligence advisory<\/a> from August said that Tehran-sponsored hackers have been acting as access brokers for ransomware gangs, highlighting the Iranian connection between government and criminal aims. But the relationship isn\u2019t always simpatico, as a recent <a href=\"https:\/\/cyberscoop.com\/iranian-it-vendor-ransom-cyberattack-banks\/\">ransomware attack on an Iranian IT vendor<\/a> shows.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iranian hackers are going after critical infrastructure sector passwords, agencies<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2785,2921,2786,1209,282,2833,452,273,669,302,117,513,472,1396,761,304,272,2922,288],"tags":[2789,2923,2790,668,286,2836,454,279,671,306,119,517,475,1397,763,308,278,2924,294],"class_list":["post-5828","post","type-post","status-publish","format-standard","hentry","category-australia","category-brute-force","category-canada","category-cisa","category-cybercrime","category-cybersecurity-and-infrastructure-security-agency","category-cybersecurity-and-infrastructure-security-agency-cisa","category-fbi","category-federal-bureau-of-investigation-fbi","category-geopolitics","category-government","category-iran","category-mfa","category-multi-factor-authentication-mfa","category-national-security-agency","category-national-security-agency-nsa","category-nsa","category-password-spraying","category-threats","tag-australia","tag-brute-force","tag-canada","tag-cisa","tag-cybercrime","tag-cybersecurity-and-infrastructure-security-agency","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-fbi","tag-federal-bureau-of-investigation-fbi","tag-geopolitics","tag-government","tag-iran","tag-mfa","tag-multi-factor-authentication-mfa","tag-national-security-agency","tag-national-security-agency-nsa","tag-nsa","tag-password-spraying","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/australia\/\" rel=\"category tag\">Australia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/brute-force\/\" rel=\"category tag\">brute force<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/canada\/\" rel=\"category tag\">Canada<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/federal-bureau-of-investigation-fbi\/\" rel=\"category tag\">Federal Bureau of Investigation (FBI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mfa\/\" rel=\"category tag\">MFA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/multi-factor-authentication-mfa\/\" rel=\"category tag\">multi-factor authentication (MFA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency\/\" rel=\"category tag\">National Security Agency<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency-nsa\/\" rel=\"category tag\">National Security Agency (NSA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nsa\/\" rel=\"category tag\">nsa<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/password-spraying\/\" rel=\"category tag\">password spraying<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5828"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5828\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5828,"date":"2024-10-16T12:59:35","date_gmt":"2024-10-16T17:59:35","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82166"},"modified":"2024-10-16T12:59:35","modified_gmt":"2024-10-16T17:59:35","slug":"iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/16\/iranian-hackers-are-going-after-critical-infrastructure-sector-passwords-agencies-caution\/","title":{"rendered":"Iranian hackers are going after critical infrastructure sector passwords, agencies caution"},"content":{"rendered":"