Federal agencies representing four nations have contributed to the development of new guidance on malicious cyber attacks sponsored by the Iranian government.
Key agencies from Australia, Canada, the United Kingdom, and the United States have released a new joint Cybersecurity Advisory (CSA), aimed at exposing continued malicious cyber activity by advanced persistent threat (APT) actors affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC).
The advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), US Cyber Command Cyber National Mission Force (CNMF), the US Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC).
This latest CSA, titled — Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors exploiting vulnerabilities for data extortion and disk encryption for ransom operations — is designed to provide “actionable information” relating to IRGC exploitation of VMware Horizon Log4j vulnerabilities for initial access and ongoing use of known Fortinet and Microsoft Exchange vulnerabilities.
After breaching a network, the Iran-backed actors reportedly determine a course of action, including data encryption or exfiltration for ransom operations, based on their perceived value of the data.
“Today’s advisory is an outcome of our close collaboration with international and US government partners to understand and provide timely information on malicious cyber activity targeting our country’s critical networks, including by Iranian cyber actors,” Eric Goldstein, executive assistant director for cyber security, CISA, said.
“Our unified purpose is to drive timely and prioritised adoption of mitigations and controls that are most effective to reducing risk to all cyber threats, including malicious actors like those affiliated with the Iranian Islamic Revolutionary Guard Corps.
“Immediately addressing the vulnerabilities in this advisory, which are also in CISA’s known exploited vulnerabilities catalogue, and deploying rigorous controls consistent with a zero-trust strategy is strongly recommended.”
According to David Luber, deputy cybersecurity director, NSA, the advisory points to specific instances in which IRGC-affiliated cyber actors have used publicly known vulnerabilities to gain access to critical infrastructure.
“We implore our net defenders and our partners to detect and mitigate this threat before your organisation is the next ransomware victim,” he said.
Abigail Bradshaw CSC, head of the Australian Cyber Security Centre, said this latest advisory further underscores the threat posed to organisations of all sizes.
“It’s absolutely critical that organisations strengthen their cyber defences by reviewing these protective measures and implementing them immediately,” Bradshaw said.
“In particular, I urge organisations to patch their systems against a number of already known critical vulnerabilities.”