Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations

Published 17/10/2024 09:13 · Modified 17/10/2024 09:49

Essential information

Tags
2024-10-17 CVE-2020-1472 access credential infrastructure lateral malicious
Related entities
1 vulnerabilities (cve), 1 observables, 1 intrusion sets (apt), 5 others

Description

The advisory warns of Iranian cyber actors employing brute force techniques like password spraying and MFA 'push bombing' to compromise user accounts across critical sectors. After gaining access, they gather additional credentials, move laterally, and collect data, potentially to sell on cybercriminal forums. The advisory provides tactics, techniques, procedures, indicators of compromise, and mitigation recommendations to strengthen security and defend against such threats.

External references