US, UK Blame Iran for Microsoft, Fortinet Cyberattacks Targeting their Security Flaws

The United States and the United Kingdom have attributed to Iran multiple recent cyberattacks that exploited security flaws in Microsoft and Fortinet products.

The Microsoft logo is seen at its local headquarters in Beijing on July 20, 2021, the day after the US accused Beijing of carrying out cyber attack on Microsoft and charged four Chinese nationals over "malicious" hack in March. NOEL CELIS/AFP via Getty Images

US, UK Blame Iran for Microsoft, Fortinet Cyberattacks

The cybersecurity authorities of the US, the UK, and Australia have observed Iran-hosted attacks targeting existing security vulnerabilities, such as CVE-2018-13379, CVE-2019-5591, and CVE-2020-12812.

The Federal Bureau of Investigation (FBI), along with the US Cybersecurity and Infrastructure Security Agency (CISA), has released a joint statement regarding the cyberattacks, noting that an Iranian government-sponsored group was behind them.

To be precise, the FBI and CISA observed that the APT group has been behind multiple attacks targeting the Microsoft Exchange ProxyShell vulnerabilities since October, and has gone after vulnerabilities in Fortinet products since as far back as March.

The joint statement from the US cybersecurity authorities further noted that the Australian Cyber Security Centre (ACSC) "is also aware this APT group has used the same Microsoft Exchange vulnerability in Australia."

Iran-led Cyberattacks on Microsoft, Fortinet

The authorities' warning about the cyberattacks allegedly being carried out by Iran also exposed how the scheme works.

Instead of going after certain individuals or groups, the hackers focused on existing vulnerabilities in both Microsoft and Fortinet products.

After that, the attackers' next move could be a ransomware attack, data exfiltration, or extortion.

The security flaws that these hackers exploit give them admin access to their victims' devices. In turn, they could turn on a service known as BitLocker, which encrypts all of the victims' files.

Then, the attackers ask for a hefty ransom in exchange for giving back all of the encrypted files.

Fortinet Vulnerabilities

According to a report by ZDNet, the FBI and CISA have been issuing joint warnings since April regarding some of the vulnerabilities found in Fortinet products.

In July, the same authorities included Fortinet's security flaw in the top 30 exploited vulnerabilities.

Microsoft Security Flaws

Microsoft, for its part, has been aware that Iranian groups are targeting vulnerabilities in its software.

The tech giant issued a warning last Nov. 17 regarding six Iran-based hacking groups that specifically exploit the Exchange ProxyShell security issue.

On top of that, ZDNet noted in the same report that the said flaw in Microsoft Exchange was previously exploited by hackers backed by China.

This article is owned by Tech Times

Written by Teejay Boris
