The Iran Hack

Thanks a lot, Iran. Because you hacked major Texas businesses, I get to spend the rest of my day showing my company why they’re not important enough to attack.

This report is meant to provide an overall security summary of any threats coming from Iran in the last 30 days. In total, there have been 5 exploit attempts, all of which were stopped by our firewalls and identified accordingly. The following is a chronological report of those 5 threats in detail.

Findings:

The first 2 threats, 54608 and 56830, were detected and dropped by our threat protection mechanism. The first is identified as an SQL injection attempt that took place on 12/24, and the second as a code-execution attempt that occurred on 12/28. Each of these two threats was run twice, and every attempt failed to get past the firewall; together with the third signature, these account for all 5 detections. The last threat, 32753, was an attempt against an ASP.NET vulnerability that was blocked on 12/24.

The 5 exploit attempts targeted the Frontend and Backend destination zones of the firewall. No hosts have been compromised and no information has been leaked.

The first slide below shows the specific IP address and hostname from which the 5 threats originated. Both api.rahsepar.net and <omitted public IP> have been identified as Iranian domains through an ICANN lookup. The second slide shows the hosts that were targeted within <Company Name>: <omitted public IP> and 10.201.2.150.

Summary:

No <Company Name> resources or assets have been compromised as a result of recent events concerning Iran. Activity from this region over the past 30 days has produced 5 separate threats, each of which was either blocked by the firewall once analyzed or identified by our security rules and discarded.
