Sign In

Communications of the ACM

ACM News

Iranian Hackers Are Going After U.S. Critical Infrastructure

View as: Print Mobile App Share:

The FBI and CISA have observed the group exploiting Fortinet vulnerabilities since at least March, and Microsoft Exchange vulnerabilities since at least October.

Credit: Kaveh Kazemi/Getty Images

Organizations responsible for critical infrastructure in the U.S. are in the crosshairs of Iranian government hackers, who are exploiting known vulnerabilities in enterprise products from Microsoft and Fortinet, government officials from the U.S., U.K., and Australia warned on Wednesday.

A joint advisory published Wednesday said an advanced-persistent-threat hacking group aligned with the Iranian government is exploiting vulnerabilities in Microsoft Exchange and Fortinet's FortiOS, which forms the basis for the latter company's security offerings. All of the identified vulnerabilities have been patched, but not everyone who uses the products has installed the updates. The advisory was released by the FBI, U.S. Cybersecurity and Infrastructure Security Agency, the U.K.'s National Cyber Security Center, and the Australian Cyber Security Center.

From Wired
View Full Article



No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account