US, UK, and Australia Warning About APT Activity
In a joint alert, law enforcement and cybersecurity agencies in the US, the UK, and Australia warn that cyberthreat actors with ties to Iran are targeting organizations in the healthcare and transportation sectors. The advanced persistent threat (APT) group is exploiting vulnerabilities in Microsoft Exchange ProxyShell and Fortinet.
Review the mitigations in the bulletin irrespective of whether you see yourself as a target. Make sure that you’re keeping systems patched and updated. Take another look at allow/deny lists, particularly on servers which are purpose built to block the execution of unknown software. Make sure that you are always using MFA on privileged accounts and on any remotely accessible services.
Read more in
Health IT Security: CISA: Iranian Government-Sponsored Threat Actors Targeting Healthcare