Iranian APT34 Exploits CVE-2024-30088 to Target Critical Infrastructure

Oct 16, 2024, 09:55 AM

Iranian cyber actors, identified as APT34, are exploiting a recent Windows kernel vulnerability (CVE-2024-30088) to target critical infrastructure networks. This vulnerability was reported through the ZDI program, with details provided by Trend Micro Research. The hackers are using brute-force attacks and MFA 'push bombing' techniques to obtain credentials and maintain persistent access. Sectors affected include healthcare, government, IT, engineering, and energy. A warning has been issued by multiple agencies, including the FBI, NSA, CISA, CSE, Australian Federal Police, and ASD, advising on how to identify and mitigate these threats.