Federal Government Agencies Warn of Cyber Attackers from Iran
Monday, September 19, 2022

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), U.S. Cyber Command Cyber National Mission Force (CNMF), the U.S. Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC) released a joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by advanced persistent threat (APT) actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).

“Today’s advisory is an outcome of our close collaboration with international and U.S. government partners to understand and provide timely information on malicious cyber activity targeting our country’s critical networks, including by Iranian cyber actors,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “Our unified purpose is to drive timely and prioritized adoption of mitigations and controls that are most effective to reducing risk to all cyber threats, including malicious actors like those affiliated with the Iranian Islamic Revolutionary Guard Corps. Immediately addressing the vulnerabilities in this advisory, which are also in CISA’s known exploited vulnerabilities catalog, and deploying rigorous controls consistent with a zero-trust strategy is strongly recommended.”

The CSA, titled “Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations,” provides actionable information regarding IRGC exploitation of VMware Horizon Log4j vulnerabilities for initial access and ongoing use of known Fortinet and Microsoft Exchange vulnerabilities. After gaining access to a network, these actors likely determine a course of action based on their perceived value of the data, including data encryption or exfiltration for ransom operations.

“The FBI is dedicated to preventing and disrupting nation-state affiliated cyber activity that threatens our private sector partners and the American public,” said FBI Cyber Division Assistant Director Bryan Vorndran. “We will continue to coordinate with our domestic and international partners to proactively share relevant and timely information to mitigate cyber threats posed by the IRGC, and we are confident this advisory will assist individuals and businesses in developing a plan to protect their systems and shore up network defenses. In the event victims do suffer an intrusion, we encourage them to report the compromise as early as possible to their local FBI field office or to the Internet Crime Complaint Center at www.ic3.gov.”

The CSA identifies additional malicious and legitimate tools likely being used by these actors, their tactics, techniques, and procedures, and additional indicators of compromise (IOCs) observed as recently as March that can be used to detect this latest malicious activity. It updates the 2021 joint CSA on Iranian government-sponsored APT actors exploiting Microsoft Exchange and Fortinet vulnerabilities and now assesses this APT group to be affiliated with the IRGC, an Iranian Government agency tasked with defending the Iranian regime from perceived internal and external threats.

“Based on the latest intelligence across the Five Eyes, this advisory again underscores that organizations of all sizes continue to be targeted by capable and increasingly sophisticated adversaries,” said Abigail Bradshaw, head of the Australian Cyber Security Centre. “It’s absolutely critical that organizations strengthen their cyber defenses by reviewing these protective measures and implementing them immediately. In particular, I urge organizations to patch their systems against a number of already known critical vulnerabilities.”

Organizations are strongly discouraged from paying ransoms, as doing so does not guarantee that files and records will be recovered and may expose the payer to sanctions risk. In September 2021, the U.S. Treasury issued an advisory highlighting the sanctions risk associated with ransomware payments and providing steps companies can take to mitigate the risk of becoming a ransomware victim.
