| The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) released a Joint Fact Sheet strongly urge organizations to remain vigilant for potential targeted cyber activity against US critical infrastructure and other US entities by Iranian-affiliated cyber actors. |
| Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity. The authoring agencies are continuing to monitor the situation and will release pertinent cyber threat and cyber defense information as it becomes available. |
| Based on the current geopolitical environment, Iranian-affiliated cyber actors may target U.S. devices and networks for near-term cyber operations. Defense Industrial Base (DIB) companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk. Hacktivists and Iranian-government-affiliated actors routinely target poorly secured US networks and internet-connected devices for disruptive cyberattacks. |
| Iranian-affiliated cyber actors and aligned hacktivist groups often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures (CVEs) or the use of default or common passwords on internet-connected accounts and devices. (Note: See CISA’s Known Exploited Vulnerabilities Catalog for more information on vulnerabilities that have been exploited in the wild). These malicious cyber actors commonly use techniques such as automated password guessing, cracking password hashes using online resources, and inputting default manufacturer passwords. When specifically targeting operational technology (OT), these malicious cyber actors also use system engineering and diagnostic tools to target entities such as engineering and operator devices, performance and security systems, and vendor and third-party maintenance and monitoring systems. |
| The Joint Fact Sheet contains threat activity, previous cyber campaigns, mitigation recommendations, additional resources, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. |