Recently, the Cybersecurity and Infrastructure Security Agency (CISA) announced partnerships with the Federal Bureau of Investigation (FBI), National Security Agency (NSA) and others to combat Iranian hacking plots. First, CISA and the FBI released a joint fact sheet, How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations, which provides information about threat actors affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC). This group is targeting and compromising accounts of Americans to stoke discord and undermine confidence in U.S. democratic institutions.
IRGC actors have previously gained, and continue to seek, access to personal and business accounts, using social engineering techniques that target victims across email and chat. This fact sheet includes steps that individuals and organizations can take to enhance their security and resilience against the common techniques used by these cyber actors.
CISA also announced an initiative with the FBI, NSA and international partners to release the Iranian Cyber Actors Brute Force and Credential Access Activity Compromises Critical Infrastructure advisory. It provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by Iranian actors to impact organizations across multiple critical infrastructure sectors.
Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and public health (HPH), government, information technology, engineering and energy sectors.
For more information on Iranian state-sponsored threat actor activity, see CISA’s Iran Cyber Threat Overview and Advisories page.