U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure.

CISA says there are no indications of an ongoing campaign but urges critical infrastructure organizations and other potential targets to monitor their defenses, given the current unrest in the Middle East and the cyberattacks previously linked to Iran.

In a joint fact sheet, the cyber agencies warn that Defense Industrial Base (DIB) companies with ties to Israeli defense and research are at increased risk of being targeted. Other organizations in critical infrastructure sectors, including energy, water, and healthcare, are also considered potential targets.

The advisory warns that Iranian threat actors are known to exploit unpatched vulnerabilities or use default passwords to breach systems. This was seen last year, when IRGC-affiliated Iranian threat actors breached a Pennsylvania water facility in November 2023 by hacking into Unitronics programmable logic controllers (PLCs) exposed online.

Iranian-affiliated hackers also work with or act as hacktivists, performing distributed denial-of-service (DDoS) attacks or defacing websites. These attacks are often conducted in conjunction with politically motivated messages, with the attackers promoting their activities on X and Telegram.

Iranian threat actors have also been observed deploying ransomware or working as affiliates of Russian ransomware gangs, such as NoEscape, RansomHouse, and ALPHV (also known as BlackCat). Many of these attacks focused on Israeli companies, where the attackers encrypted devices and leaked stolen data.

In some cases, the attackers used data wipers instead of ransomware to conduct destructive attacks on organizations.

Mitigating attacks

CISA, the DoD, the FBI, and the NSA are urging organizations to adopt the following best practices to protect against these threats:

  • Isolate OT and ICS systems from the public internet and restrict remote access.
  • Use strong, unique passwords for all online accounts and systems, changing all default account passwords.
  • Enable multi-factor authentication (MFA) for critical systems and authentication platforms.
  • Install all software updates, especially on internet-facing systems, to fix known vulnerabilities.
  • Monitor networks and servers for unusual activity.
  • Develop and test incident response plans to make sure that all backups and recovery plans are working.

For more information, organizations can read CISA’s Iran Threat Overview and the FBI’s Iran Threat web pages.
