CyberWire Daily

CISA Alert AA22-257A – Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations. [CISA Cybersecurity Alerts]


N2K Networks, Inc.

Technology, Daily News, News, Tech News


🗓️ 15 September 2022

⏱️ 3 minutes


Summary

This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced persistent threat actors affiliated with the Iranian Government's Islamic Revolutionary Guard Corps. The IRGC-affiliated actors are actively targeting a broad range of entities, including entities across multiple U.S. critical infrastructure sectors as well as Australian, Canadian, and United Kingdom organizations.

Resources referenced in this alert:

AA22-257A Alert, Technical Details, and Mitigations
AA22-257A.stix
CISA's Iran Cyber Threat Overview and Advisories
FBI's Iran Threat webpage
Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Technical Approaches to Uncovering and Remediating Malicious Activity

All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Transcript


0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:07.0

This is a CISA Cybersecurity Alert.

0:16.0

ID number AA22-257A,

0:19.0

Original release date, September 14, 2022.

0:23.7

This joint Cybersecurity Advisory highlights continued malicious cyber activity by advanced

0:28.0

persistent threat actors affiliated with the Iranian government's Islamic Revolutionary

0:32.2

Guard Corps.

0:33.4

The IRGC affiliated actors are actively targeting a broad range of entities, including entities

0:38.2

across multiple U.S. critical infrastructure sectors, as well as Australian, Canadian, and United Kingdom organizations.

0:45.0

These actors often operate under the auspices of Najee Technology Hooshmand Fater LLC,

0:51.0

based in Karaj, Iran, and Afkar System Yazd Company, based in Yazd, Iran.

0:57.0

The authoring agencies assess the actors are exploiting known vulnerabilities on unprotected networks

1:01.5

rather than targeting specific entities or sectors.

1:04.8

The authoring agencies have observed the cyber actors scanning for and exploiting known vulnerabilities

1:09.8

in Fortinet FortiOS, Microsoft Exchange Server (ProxyShell), and Log4j to gain initial

1:16.8

access to a broad range of targeted entities.

1:20.2

The alert documentation listed in the show notes provides observed tactics, techniques, and

1:24.6

indicators of compromise that the authoring agencies assess are likely associated with this IRGC

1:29.4

affiliated APT.

1:31.5

The authoring agencies urge organizations, especially critical infrastructure organizations,

1:36.0

to apply the recommendations listed in the mitigation section of the alert documentation to mitigate

1:40.5

risk of compromise from these IRGC affiliated cyber actors.

