US and Allies Release Joint Advisory on Activities of Iranian Cyber Actors
Agencies in the U.S., Canada, Australia and the U.K. have warned of Iranian cyber actors exploiting known vulnerabilities in unprotected systems to access and encrypt critical data and support ransom operations. According to a joint cybersecurity advisory, the cyber actors affiliated with the Iranian government’s Islamic Revolutionary Guard Corps are exploiting Fortinet, Microsoft Exchange and VMware Horizon Log4j flaws. Their main targets are critical infrastructure sectors, the National Security Agency said.
The agencies that authored the advisory are the FBI, the Cybersecurity and Infrastructure Security Agency, the NSA, the U.S. Cyber Command’s Cyber National Mission Force, the Department of the Treasury, and the cybersecurity centers of Canada, the U.K. and Australia.
The document stated that the malicious actors often operate with support from Iranian companies Najee Technology Hooshmand Fater and Afkar System Yazd. To protect systems from cyberattacks, the agencies recommended maintaining offline data backups, activating BitLocker on all networks, enabling automated continuous testing using the free CISA Cyber Hygiene Services Vulnerability Scanning service, and patching operating systems, software and firmware immediately.
According to a CISA official, testing efforts are key to defending against cyberattacks. The official noted that while organizations and security contractors have access to MITRE’s list of the most common tactics and procedures used by cyber attackers, only a few examine the strength of their systems’ detection and defense capabilities.