The Download
Iranian state-backed APT34 (also known as OilRig), a group linked to Iran's Ministry of Intelligence and Security (MOIS), has been conducting cyber-espionage intrusions against government targets in the Gulf. In the reported campaign the group compromises Microsoft Exchange servers, uses them to harvest user credentials and exfiltrate data, and escalates to SYSTEM-level privileges by exploiting CVE-2024-30088, a Windows kernel elevation-of-privilege vulnerability that affects Windows 10 and 11 as well as Windows Server 2016, 2019 and 2022. Note that CVE-2024-30088 is a flaw in the Windows kernel, not in Exchange: the kernel bug is what gives the attackers SYSTEM privileges and a durable foothold on the host, while Exchange is the platform being abused for credential theft and exfiltration.
What You Can Do
To defend against these attacks, IT administrators should install the June 2024 (or any later) cumulative update on every Windows system, since that is the update that fixes CVE-2024-30088, and keep on-premises Exchange servers on a supported Cumulative Update with the latest Security Update applied. Because the attackers harvest credentials, enforce multi-factor authentication so that stolen passwords alone are not enough to log in, and monitor process-creation and Exchange logs for abnormal activity, such as IIS worker processes spawning command shells or mailbox access from unexpected accounts. Regular vulnerability assessments, restricting access to critical infrastructure, and segmenting the network all limit how far an intruder can move after an initial foothold. Use ThreatMate to analyze attack surfaces and prioritize remediations.
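The following PowerShell script is an added example, not code from the original article or from any vendor cited in it. It performs the two checks a defender would most want to run on a Windows or Exchange host after reading the above: whether the host's OS build is at or beyond the level that contains the CVE-2024-30088 fix, and whether the Security log shows an IIS worker process (w3wp.exe, the process that hosts Exchange's web front end) launching a command shell, which is the classic sign of a web shell. The minimum-patched build numbers and the KB identifiers in the table are stated from memory and are assumptions; verify them against the MSRC advisory for CVE-2024-30088 before relying on them. The log check assumes "Audit Process Creation" is enabled, and the command line column is only populated if command-line auditing is also enabled.

```powershell
# Added example (not part of the original article): triage checks for a Windows
# or Exchange host against the APT34 activity described above.
#
# ASSUMPTION: the minimum-patched build values below are the June 2024
# cumulative-update levels as recalled by the editor; confirm them against the
# MSRC advisory for CVE-2024-30088 before trusting the result.
#
# CurrentBuild.UBR that first contains the fix. Later cumulative updates
# supersede these, so "greater than or equal" is the right comparison.
$MinPatchedUbr = @{
    '14393' = 7070   # Windows Server 2016  (June 2024 CU, assumed KB5039214)
    '17763' = 5936   # Windows Server 2019  (June 2024 CU, assumed KB5039217)
    '20348' = 2527   # Windows Server 2022  (June 2024 CU, assumed KB5039227)
}

function Test-Cve202430088Patched {
    # CurrentBuild is the major build, UBR the cumulative-update revision.
    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    if (-not $MinPatchedUbr.ContainsKey($build)) {
        $status = 'Unknown build; check the MSRC advisory for this OS'
    } elseif ($ubr -ge $MinPatchedUbr[$build]) {
        $status = 'Patched'
    } else {
        $status = 'VULNERABLE: install the latest cumulative update'
    }

    [pscustomobject]@{ Build = "$build.$ubr"; Status = $status }
}

function Get-WebServerSpawnedShells {
    # Looks for 4688 (process creation) events where the parent is the IIS
    # worker process and the child is an interpreter or LOLBin. Requires
    # "Audit Process Creation" (Success) to be enabled on the host.
    param([int]$Days = 7)

    $parents = @('w3wp.exe', 'UMWorkerProcess.exe')   # IIS / Exchange worker processes
    $shells  = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe',
                 'cscript.exe', 'certutil.exe', 'rundll32.exe', 'mshta.exe')

    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Parse the EventData fields by name rather than by positional index, so
        # the script does not break if Microsoft reorders the 4688 payload.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $parent = [IO.Path]::GetFileName([string]$data['ParentProcessName'])
        $child  = [IO.Path]::GetFileName([string]$data['NewProcessName'])

        # -contains is case-insensitive in PowerShell.
        if ($parents -contains $parent -and $shells -contains $child) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Parent  = $data['ParentProcessName']
                Child   = $data['NewProcessName']
                Command = $data['CommandLine']   # empty unless command-line auditing is on
            }
        }
    }
}

# Usage (run in an elevated PowerShell on the server being checked):
Test-Cve202430088Patched | Format-List
Get-WebServerSpawnedShells -Days 30 | Format-Table -AutoSize
```

A patch check based on the OS build level rather than on a specific KB is deliberate: `Get-HotFix` only lists the KB that happens to be installed, and a server that received a later cumulative update would be wrongly flagged as unpatched. If the log query returns nothing, confirm that process-creation auditing is actually on (`auditpol /get /subcategory:"Process Creation"`) before concluding the host is clean; an absent audit trail is a finding in itself.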
To Learn More: