Multinational cyber advisory exposes Iran

Federal agencies representing four nations have contributed to the development of new guidance on malicious cyber attacks sponsored by the Iranian government.

Key agencies from Australia, Canada, the United Kingdom, and the United States have released a new joint Cybersecurity Advisory (CSA), aimed at exposing continued malicious cyber activity by advanced persistent threat (APT) actors affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC).

The advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), US Cyber Command Cyber National Mission Force (CNMF), the US Department of the Treasury (Treasury), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), and the United Kingdom’s National Cyber Security Centre (NCSC).

This latest CSA, titled “Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors exploiting vulnerabilities for data extortion and disk encryption for ransom operations”, is designed to provide “actionable information” relating to IRGC exploitation of VMware Horizon Log4j vulnerabilities for initial access and ongoing use of known Fortinet and Microsoft Exchange vulnerabilities.

After breaching a network, the Iran-backed actors reportedly determine a course of action, including data encryption or exfiltration for ransom operations, based on their perceived value of the data.

Read the article on Defence Connect.