U.S. Govt Released Advisory on how Iranian APT Group Obtained Voter Registration Data

https://gbhackers.com/iranian-apt-group/

The latest advisory, released by the Cybersecurity and Infrastructure Security Agency (CISA) together with the FBI, states that the agencies are aware of an Iranian Advanced Persistent Threat (APT) actor targeting United States websites, including election sites.

Analysis by CISA and the FBI reveals that this actor scanned state sites with the Acunetix vulnerability scanner, an extremely popular web scanner.

Access to the information appears to have involved the “abuse of site misconfigurations and a scripted process utilizing the cURL tool to iterate through voter records”.

It is strongly recommended that those who do not use Acunetix on a routine basis closely monitor their logs for any activity originating from the list of IP addresses released by CISA in Alert (AA20-304A).
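As an added illustration (not code from the advisory or from the original article), the following Python example triages web access logs for the signals described above: requests from a watch-listed IP, Acunetix scan markers, and a cURL client iterating through record IDs. The watch-list address, the `/lookup?id=` parameter, the threshold and the sample log lines are constructed placeholders; the actual IP list is in Alert AA20-304A, and the "acunetix" substring match is a heuristic assumption.

```python
import re
from collections import defaultdict

# Placeholder watch list (RFC 5737 documentation address), NOT the real
# indicators: load the IP list published in CISA Alert AA20-304A instead.
WATCHLIST = {"192.0.2.10"}
ITERATION_THRESHOLD = 5  # assumed: distinct record IDs per client before flagging

# Apache/nginx "combined" log format
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
RECORD_ID_RE = re.compile(r'[?&]id=(\d+)')  # hypothetical record parameter

def triage(lines):
    """Return {client_ip: [tags]} for clients showing any of the three signals."""
    findings = defaultdict(set)
    ids_by_client = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, ua = m["ip"], m["path"], m["ua"].lower()
        if ip in WATCHLIST:
            findings[ip].add("watchlist-ip")
        # Heuristic: default scanner test strings contain the product name.
        if "acunetix" in ua or "acunetix" in path.lower():
            findings[ip].add("acunetix-scan")
        rec = RECORD_ID_RE.search(path)
        if rec and ua.startswith("curl/"):
            ids_by_client[ip].add(int(rec.group(1)))
    # A scripted cURL loop shows up as one client requesting many distinct IDs.
    for ip, ids in ids_by_client.items():
        if len(ids) >= ITERATION_THRESHOLD:
            findings[ip].add("curl-record-iteration")
    return {ip: sorted(tags) for ip, tags in findings.items()}

SAMPLE = [  # constructed log lines, for illustration only
    '192.0.2.10 - - [01/Oct/2020:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Oct/2020:10:00:01 +0000] "GET /acunetix-wvs-test-for-some-inexistent-file HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [01/Oct/2020:10:00:02 +0000] "GET /lookup?id=42 HTTP/1.1" 200 90 "-" "curl/7.68.0"',
] + [
    f'198.51.100.7 - - [01/Oct/2020:10:01:{i:02d} +0000] "GET /lookup?id={1000 + i} HTTP/1.1" 200 90 "-" "curl/7.68.0"'
    for i in range(6)
]

if __name__ == "__main__":
    for ip, tags in triage(SAMPLE).items():
        print(ip, tags)
```

A single cURL lookup (203.0.113.77 in the sample) stays below the threshold and is not flagged; tune the threshold and the parameter pattern to the application being monitored.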

Some reports suggest that this might be the work of the American reactionary group known as the Proud Boys, though the group has strongly denied these allegations.

The report confirms that voter registration information was successfully obtained in at least one state, though the identity of the state remains unknown.

It is believed that a group of hackers accessed the citizen information and sent countless threatening emails, reading “You will vote for Trump on Election Date or we will come after you”.

The FBI believes that, in an attempt to enhance its efforts to survey and exploit the state election sites, the actor also researched the following:

YOURLS exploit
Bypassing ModSecurity Web Application Firewall
Detecting Web Application Firewalls
SQLmap tool

The other day, the United States imposed sanctions on 11 entities and 5 individuals related to Iran's oil market. We will not fluctuate in our efforts to pursue any entity or specific helping the Iranian program in averting our sanctions. – Secretary Pompeo (@SecPompeo) October 30, 2020.

The Islamic Republic of Iran rejects the threadbare claims and the fabricated, incompetent and deceiving reports from the US routines officials, worrying once again that it makes no distinction to Tehran which of the two candidates would reach the White House. – Iran Foreign Ministry (@IRIMFA_EN) October 22, 2020


The Iranian government has denied any affiliation with such activities in a series of tweets, while U.S. Secretary Mike Pompeo tweeted from his official Twitter handle about sanctions on numerous Iranian entities.

It has been established that numerous entities were scanned with the Acunetix Web Vulnerability platform between September 20 and September 28, 2020. As seen from the timeline below, the activity was carried out in a carefully planned and phased manner over a prolonged period.
