FORT MEADE, Md. - The National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigations (FBI), and the Department of Defense Cyber Crime Center (DC3) have released the joint Cybersecurity Information Sheet (CSI), “Iranian Cyber Actors May Target Vulnerable U.S. Networks and Entities of Interest.”
Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors—including hacktivists and Iranian government-affiliated actors—may target U.S. devices and networks for near-term cyber operations. These actors have historically targeted poorly secured U.S. networks and internet-connected devices for disruptive cyberattacks, often exploiting targets of opportunity, outdated software, and the use of default or common passwords on internet-connected accounts and devices.
Due to recent events, Iranian state-sponsored or affiliated threat actors are likely to significantly increase their Distributed Denial of Service (DDoS) campaigns, and potentially also conduct ransomware attacks. The authoring agencies urge organizations, especially those within U.S. critical infrastructure, to remain vigilant for the outlined potential targeted malicious cyber activity.
The CSI outlines the actors commonly used techniques and provides several examples of their previous cyber campaigns. Organizations should review this information to become familiar with the tactics utilized by these malicious cyber actors.
Critical infrastructure asset owners and operators should review this guidance to assess their cybersecurity weaknesses and update incident response plans. Further, the CSI provides detailed mitigations for at-risk organizations to implement to harden their cyber defenses against malicious actors.
Read the full report, here.
Visit our full library for more cybersecurity information and technical guidance.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721