Even though the battle between US and Iran on the Strait of Hormuz may have calmed down, the Iranian hackers are still continuing their activity against the targets from US as well as other countries.
On Wednesday, the USCYBERCOM Malware Alert tweeted that they have found an active malicious use of a known bug in Microsoft called "CVE-2017-11774." But the tweet did not reveal who is using the bug to conduct the cyber attack.
A US-based cybersecurity company by name FireEye stated that there are several Iranian hackers who have been using that vulnerability. In a statement, it said: "Adversary exploitation of CVE-2017-11774 continues to cause confusion for many security professionals."
It also mentioned that if Outlook launches something malicious, "a common assumption is that the impacted user has been phished — which is not what is occurring here. The organization may waste valuable time without a focus on the root cause."
In December 2018, the company identified the activity to a threat group dubbed APT33, which it said, is working on the behalf of the Iranian government.
Later, in June this year, FireEye said that they saw the same APT33 tactics being played in a new coordinated campaign against the US federal government agencies, US business segments such as retail, financial, media as well as education sectors.
A notice released on June 22 by Cybersecurity and Infrastructure Security Agency or CISA has stated that the authority is aware of the recent rise in malicious cyber activity directed at US industries and government agencies as targets of the Iranian hackers.
The notice also revealed that the Iranian hackers are increasingly using destructive 'wiper' attacks, as they are trying to do much more than just stealing data and money.
"These efforts are often enabled through common tactics like spear-phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network," it added.
During the Defense One Tech Summit that was held on June 27, Ed Wilson, the deputy assistant secretary of defence for cyber policy, described the recent activities by Iranian hacking group as a "horizontal escalation" meaning an increase in the volume of activity, rather than a sudden change in the types of tactics used.
