Iran Archives

Tag Archive for: Iran

Attacker: Actor – Mabna Institute / Silent Librarian

March 30, 2018/by Proficio

The Mabna Institute, also known as the threat actor “Silent Librarian” (Phishlabs), is a group of nine Iranian citizens that have been charged in a computer hacking campaign. The campaign compromised various targets, such as US and foreign universities, private companies, and US government entities. Several specific targets were identified by PhishLabs and the FBI, and they include the US Department of Labor, the Federal Energy Regulatory Commission, the Los Alamos National Laboratory, and the Memorial Sloan Kettering Cancer Center. According to the FBI, the campaign has been ongoing for about four years and has compromised 144 US based universities and 176 foreign universities. According to Phishlabs, the tactics of the phishing campaigns used to compromise these entities barely changed over time. Targeted users were sent emails stating their library account was expiring. The users were then directed to a link which was a redirect to a phishing page requesting a username and password.

Proficio Threat Intelligence Recommendations:

User phishing training usually helps mitigate risk against users falling for basic types of phishing campaigns.

Phislabs technical analysis of the campaign – Click Here

FBI release on individuals wanted – Click Here

Method: TA 18-086A: Brute Force Attacks / Password Spraying

March 30, 2018/by Proficio

In March 2018, the Department of Justice indicted nine Iranian nationals for conducting brute force style attacks against organizations in the United States utilizing a technique referred to as “Password Spraying”.

Characteristically, brute force attacks attempt to authenticate credentials by guessing the password of a single user account, however accounts now will typically lock out after a handful of failed attempts. “Password Spraying” attempts to successfully authenticate using easy-to-guess passwords against multiple user accounts. This technique reduces the chance of triggering red flags for multiple failed attempts from a single user.

“Password Spray” attacks target single sign-on (SSO) and cloud-based applications that use federated authentication protocols in an attempt to hide malicious traffic. Federated authentication protocols are used in linking a person’s electronic identity across multiple identity management systems, which will also broaden the attacker’s scope to maximize access to intellectual property during a successful compromise.

Proficio Threat Intelligence Recommendations:

Implement strong password standards
Enable multi-factor authentication
Abstain from clicking non-validated email links

Alert TA 18-086A – Click Here

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tag Archive for: Iran

Quick Links

Proficio

Follow us