FBI warns of Iranian cyber attacks on Azerbaijani networks
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the US Department of Defense's Cybercrime Center (DC3) have issued a joint cybersecurity advisory warning that, as of August 2024, an Iranian hacking group remains active in targeting Azerbaijani, US and other foreign organizations.
According to the advisory, various sectors of the US economy, including education, finance, healthcare, defence, and local authorities, have come under attack, Caliber.Az reports, citing the CISA website.
Additionally, the group's cyber activities are not limited to the United States; organizations in other countries, including Israel, Azerbaijan, and the United Arab Emirates, are also being targeted. The advisory details the tactics, techniques, and procedures (TTPs) used by the hackers, based on investigations and technical analyses conducted by the FBI.
The FBI estimates that a significant portion of the group's operations aims to gain unauthorized access to networks in order to collaborate with ransomware partners. The FBI also believes these hackers have ties to Iranian authorities and engage in espionage activities, including attempts to steal sensitive technical data from organizations in Israel and Azerbaijan.
The advisory indicates that the Iranian hackers are conducting malicious cyber activities under the guise of a company called Danesh Novin Sahand, likely to disguise their true activities in support of the Iranian government. The FBI's investigations have revealed that, in addition to distributing ransomware, the group is involved in espionage activities.
The joint cybersecurity advisory provides detailed recommendations and information to help organizations defend against these persistent threats. The advisory emphasizes the need for heightened awareness and proactive security measures to mitigate the risk of unauthorized access and potential data breaches. The FBI, CISA, and DC3 urge organizations to implement recommended security protocols and maintain vigilance to protect their networks from ongoing cyber threats.