REGISTER

email 14 48

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) have issued a joint Cybersecurity Advisory (CSA) to alert network defenders that Iran-based cyber actors continue to target organizations in the U.S. and abroad as of August 2024. These attacks have impacted a wide range of sectors, including education, finance, healthcare, defense, and local governments in the U.S., as well as organizations in Israel, Azerbaijan, and the United Arab Emirates.

The FBI believes that a significant portion of these operations are designed to gain and develop network access, which is then shared with ransomware affiliates to deploy ransomware. Additionally, the FBI assesses that these actors are linked to the Iranian government and engage in activities beyond ransomware, such as stealing sensitive technical data from organizations in Israel and Azerbaijan in support of Iran's objectives.

This CSA provides the threat actor’s tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs), as well as highlights similar activity from a previous advisory (Iran-Based Threat Actor Exploits VPN Vulnerabilities) that the FBI and CISA published on Sept. 15, 2020. The information and guidance in this advisory are derived from FBI investigative activity and technical analysis of this group’s intrusion activity against U.S. organizations and engagements with numerous entities impacted by this malicious activity.

The FBI recommends all organizations follow guidance provided in the Mitigations section of this advisory to defend against the Iranian cyber actors’ activity.

If organizations believe they have been targeted or compromised by the Iranian cyber actors, the FBI and CISA recommend immediately contacting your local FBI field office for assistance and/or reporting the incident via CISA’s Incident Reporting Form (see the Reporting section of this advisory for more details and contact methods).

For more information on Iran state-sponsored malicious cyber activity, see CISA’s Iran Cyber Threat webpage.

CyberBanner

Log in Register

Please Login to download this file

Username *
Password *
Remember Me

CyberBanner

CyberBanner

Go to top