Threat Intel · HIGH

US Reissues $10M Bounty on Iranian Hackers Amid Breach

Source: SC Media
Tags: Iranian hackers, Handala, Parsian Afzar Rayan Borna, FBI, State Department

Basically, the U.S. is offering money for information on Iranian hackers who breached sensitive data.

Quick Summary

The U.S. has reissued a $10 million bounty for information on Iranian hackers Handala and Parsian Afzar Rayan Borna. This comes after a confirmed breach involving sensitive data. The ongoing threat from these groups is significant, prompting this urgent call for information.

The Threat

The U.S. State Department has reissued a $10 million bounty for information on Iranian hacking groups, specifically targeting Handala and Parsian Afzar Rayan Borna. This decision came shortly after the FBI confirmed a breach involving Handala, which led to the leak of personal emails from Director Kash Patel. The urgency behind this bounty reflects the increasing threat posed by these state-backed groups.

Handala has been linked to multiple cyberattacks against U.S. and Israeli organizations, with reports indicating that their operations have compromised various firms and government entities. The reissue of this bounty underscores a proactive approach by the U.S. government to combat these persistent threats.

Who's Behind It

Handala is not operating alone; it is part of a broader network of Iranian state-sponsored cyber operations. The group has been involved in various attacks that target sensitive information and infrastructure. On the other hand, Parsian Afzar Rayan Borna, an Iranian IT firm, has also been implicated in state-sponsored cyber intrusions, particularly against the Albanian government and opposition parties.

These groups are believed to be closely tied to the Iranian government, making their operations not just a matter of cybersecurity but also a geopolitical concern. The reissued bounty aims to disrupt their activities by incentivizing individuals to provide information that could lead to their capture or neutralization.

Tactics & Techniques

Both Handala and Parsian Afzar Rayan Borna utilize sophisticated tactics to execute their cyber operations. Handala has been known for its ability to breach secure systems and leak sensitive data, while Parsian Afzar Rayan Borna has played a crucial role in orchestrating cyber intrusions that support Iranian state objectives.

The FBI and Justice Department have been actively working to counter these threats, disrupting Handala's operations by targeting their infrastructure. This ongoing battle highlights the need for enhanced cooperation between agencies to effectively combat state-sponsored cyber threats.

Defensive Measures

Organizations that may be at risk from these Iranian hackers should take immediate steps to bolster their cybersecurity defenses. This includes implementing robust incident response plans, conducting regular security audits, and ensuring that all software is up to date with the latest security patches.

Furthermore, organizations should educate their employees about the potential risks of phishing attacks and other social engineering tactics commonly used by hackers. By fostering a culture of cybersecurity awareness, companies can better protect themselves from the sophisticated tactics employed by groups like Handala and Parsian Afzar Rayan Borna.

🔒 Pro insight: The reissuance of this bounty signals an escalation in U.S. efforts to counter Iranian cyber operations, indicating a shift towards more aggressive deterrence strategies.

Original article from SC Media
