Iranian hackers are targeting organizations with a sophisticated multi-factor authentication (MFA) push-bombing attack, aiming to compromise their Microsoft 365, Azure, and Citrix Systems accounts. This attack involves sending a barrage of MFA push notifications to a victim’s device, overwhelming them with authentication requests and potentially tricking them into approving a malicious login.
The attackers exploit the user’s trust in MFA and their desire to quickly clear the notifications. This attack highlights the importance of implementing robust MFA strategies, including the use of advanced MFA solutions and security awareness training for employees. Organizations should also be wary of suspicious activity related to MFA notifications and promptly investigate any unusual behavior.
The U.S. Department of Justice has indicted two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious hacktivist group known for conducting over 35,000 DDoS attacks in a year. The group has been responsible for targeting various entities, including hospitals, government facilities, and critical infrastructure in Los Angeles and around the world. The indictment marks a significant step towards disrupting the group’s activities and holding its members accountable for their actions.