
US releases joint advisory warning companies of Iranian APT group that has been involved in ransomware attacks

On Wednesday, 17 November 2021, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) released a joint cybersecurity advisory warning of ongoing malicious cyber activity that the four agencies have observed and associated with an advanced persistent threat (APT) group linked to the government of Iran.

The group has been observed targeting and exploiting Fortinet vulnerabilities since at least March 2021 and a Microsoft Exchange ProxyShell vulnerability since at least October 2021 to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Iranian government-sponsored APT actors are known to actively target a broad range of organisations across the U.S. and Australia. These actors have been observed using the access they gain for further operations that have involved data exfiltration and ransomware attacks. The advisory provides the tactics and techniques that the FBI, CISA, ACSC and NCSC have observed, as well as indicators of compromise (IOCs) for the threat actors. The recommended immediate action is to patch software affected by the following vulnerabilities: CVE-2021-34473, CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.
