The Atomic Energy Agency of Iran was exposed to a security breach that resulted in the threat actors gaining unauthorized access to their e-mail servers, compromising their data security.The security breach came to light when threat actors known as “Black Reward” claimed to have obtained sensitive data on their Telegram channel, including contract files, business plans, and information about other facilities. In addition to the sharing, the threat actors announced that the captured data would be shared publicly if the political prisoners arrested during the recent protests against the Iranian government on October 21 were not released within 24 hours.
The Iranian Atomic Energy Agency officials confirmed the security breach by targeting e-mail servers, but it was emphasized that the captured data was unimportant. Furthermore, it was stated that the intercepted e-mails contained technical and casual messages. In this context, it is recommended that institutions and organizations take into account the following security practices in order not to be the target of targeted attacks that can be carried out in a similar way to protest and attract attention.
- Internal inventories such as e-mail servers used within the institution/organization should be used in the most up-to-date versions where the vulnerabilities are fixed.
- Institution/organization personnel should not rely on spam e-mails, attachments, and links from unknown parties.
- Comprehensive security solutions should be deployed to the corporate/organizational network.