CyberWire Daily - CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]
Episode Date: September 15, 2022
This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations.
AA22-257A Alert, Technical Details, and Mitigations
AA22-257A.stix
CISA's Iran Cyber Threat Overview and Advisories
FBI's Iran Threat webpage
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Technical Approaches to Uncovering and Remediating Malicious Activity
All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Transcript
You're listening to the Cyber Wire Network, powered by N2K. Release date: September 14, 2022. This joint cybersecurity advisory highlights continued
malicious cyber activity by advanced persistent threat actors affiliated with the Iranian
government's Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting
a broad range of entities, including entities across multiple U.S. critical infrastructure
sectors, as well as Australian, Canadian, and United Kingdom organizations.
These actors often operate under the auspices of Najee Technology Hooshmand Fater LLC,
based in Karaj, Iran, and Afkar System Yazd Company, based in Yazd, Iran. The authoring agencies assess the actors are exploiting known vulnerabilities on unprotected networks rather
than targeting specific entities or sectors. The authoring agencies have observed the cyber actors scanning for and exploiting
known vulnerabilities in Fortinet FortiOS, Microsoft Exchange Server
ProxyShell, and Log4j to gain initial access to a broad range of targeted entities.
This alert documentation listed in the show notes provides observed tactics,
techniques, and indicators of compromise that the authoring agencies assess are likely associated with
this IRGC-affiliated APT.
The authoring agencies urge organizations, especially critical infrastructure organizations,
to apply the recommendations listed in the mitigation section of the alert documentation
to mitigate risk of compromise from these IRGC-affiliated cyber actors.
All organizations should report incidents and anomalous activity
to CISA's 24/7 Operations Center at central@cisa.dhs.gov or 888-282-0870
and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch
at 855-292-3937 or CyWatch@fbi.gov.
This report was written by CISA,
the United States Cybersecurity and Infrastructure Security Agency,
and edited and adapted for audio by the Cyber Wire as a public service.
Please visit www.cisa.gov to read the full report,
which may include additional details, links, and illustrations.
A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.