Five Eyes Nations Warn: Iran's Cyber Threats Persist
The Australian Cyber Security Centre (ACSC) has joined other Five Eyes nations in warning about persistent Iranian state-sponsored cyber threats. A joint advisory issued on September 15 highlights ongoing risks and provides crucial detection and mitigation advice.
Iranian actors, including those linked to the Islamic Revolutionary Guard Corps (IRGC), are actively targeting various sectors in the US, UK, Australia, and Canada. They exploit known vulnerabilities, such as those in Fortinet and Microsoft Exchange, to gain initial access to networks. Once inside, these actors may sell data, engage in extortion, or deploy ransomware based on the perceived value of the data.
In the same week as the advisory, Iranian-affiliated actors were reported to be using phishing emails to target individuals with interests in Middle Eastern affairs, nuclear security, and genome research. They have also exploited VMware Horizon and Log4j vulnerabilities for initial access. In Australia, the Australian National University (ANU) was exploited by these actors to support malicious activities like ransomware and data exfiltration.
The joint advisory encourages targeted entities to report incidents to the ACSC and monitor alerts and advisories. The US Department of Justice (DOJ) has indicted three Iranians for conducting cyber-attacks against critical infrastructure and other targets, underscoring the seriousness of these threats. Organisations are urged to patch known vulnerabilities and enhance their cybersecurity measures to mitigate these ongoing risks.