Cyber warfare

U.S. CISA Agency warns of possible cyber attacks from Iran

The US government fears a new wave of cyber attacks from Iran in retaliation for the airstrike that killed Maj. Gen. Qassim Suleimani at the Baghdad airport in Iraq.

Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), warned of a potential new wave of cyber attacks carried out by Iran-linked hacker groups targeting U.S. assets.

The attacks could be the response of the Iranian cyber unit after Maj. Gen. Qassim Suleimani was killed by a U.S. drone airstrike at the Baghdad airport in Iraq.

“Given recent developments, re-upping our statement from the summer,” Krebs explained in a tweet.

“Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS,” he added. “Make sure you’re also watching third party accesses!”

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.” reads the advisory published by CISA.

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

The advisory urges administrators of the assets to implement basic defenses and to immediately report any information on, or suspicion of, ongoing attacks.

“The Department of Homeland Security stands ready to confront and combat any and all threats facing our homeland,” states the Acting Secretary Chad F. Wolf.

“While there are currently no specific, credible threats against our homeland, DHS continues to monitor the situation and work with our Federal, State and local partners to ensure the safety of every American.”

In June 2019, the US DHS CISA had already warned of increased cyber activity from Iran aimed at spreading data-wiping malware through password spraying, credential stuffing, and spear-phishing.

The attacks were targeting U.S. industries and government agencies. The statement was also published by CISA Director Chris Krebs via his Twitter account.

The statement warned of targeted attacks carried out by Iranian-affiliated actors that leverage data wipers specifically designed to permanently destroy data on infected systems.

Wiper attacks have been used in the past by state actors or as decoys for other attacks, which are described later in the article.

Experts recommended having secure, working backup procedures so that, in case of attack, victims could simply recover data from a backup.

The statement also highlights the risks related to account compromise that could represent the entry point in a targeted network.

Past attacks attributed to Iran-linked hackers are:

While the world and cyber security community is waiting for a spike in the cyber attacks carried out by Iran-linked APT groups, I believe that their level of sophistication will not rapidly increase and we cannot underestimate the risk of false flag operations conducted by other nation-state actors.

Pierluigi Paganini

(SecurityAffairs – Iran, hacking)
