National Cyber Security Centre
Date: 2022-09-21
UK and allies expose Iranian state agency for exploiting cyber vulnerabilities for ransomware operations
Joint advisory highlights threat from cyber actors affiliated with Iran’s IRGC.
The UK and international allies have issued a joint cyber security advisory highlighting that cyber actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) are exploiting vulnerabilities to launch ransomware operations against multiple sectors.
Iranian-state APT actors have been observed actively targeting known vulnerabilities on unprotected networks, including in critical national infrastructure (CNI) organisations.
The advisory, published by the National Cyber Security Centre (NCSC), a part of GCHQ, alongside agencies from the US, Australia and Canada, sets out tactics and techniques used by the actors, as well as steps for organisations to take to mitigate the risk of compromise.
It updates an advisory issued in November 2021 which provided information about Iranian APT actors exploiting known Fortinet and Microsoft Exchange vulnerabilities.
They are now assessed to be affiliated to the IRGC and are continuing to exploit these vulnerabilities, as well as the Log4j vulnerabilities, to provide them with initial access, leading to further malicious activity including data extortion and disk encryption.
Paul Chichester, NCSC Director of Operations, said:
“This malicious activity by actors affiliated with Iran’s IRGC poses an ongoing threat and we are united with our international partners in calling it out.
“We urge UK organisations to take this threat seriously and follow the advisory’s recommendations to mitigate the risk of compromise.”
The NCSC urges organisations to follow the mitigations set out in the advisory, including:
- Keeping systems and software updated and prioritising remediating known exploited vulnerabilities
- Enforcing multi-factor authentication
- Making offline backups of your data
This advisory has been issued by the NCSC, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), US Cyber Command (USCC), Department of the Treasury (DoT), the Australian Cyber Security Centre (ACSC) and the Canadian Centre for Cybersecurity (CCCS).
Original article link: https://www.ncsc.gov.uk/news/uk-and-allies-expose-iranian-state-agency-for-exploiting-cyber-vulnerabilities-for-ransom-operations