Joint Warning: Iran-Backed Cyber Campaign Targets Critical Infrastructure

Iran-backed hackers are targeting critical infrastructure. Agencies warn of 'impossible logins' and urge robust security measures.

Intelligence and law enforcement agencies from Australia, Canada, and the US issued a joint advisory on October 16 warning of an Iran-backed cyber campaign targeting critical infrastructure sectors. The campaign, active since October 2023, has used various methods to gain access to networks and cause disruption.

The advisory, signed by the FBI, NSA, CISA, CSE, AFP, and ACSC, urges organizations to look out for 'impossible logins', 'impossible travel', and unusual MFA registrations to detect this campaign. Once inside a victim's network, hackers have been using techniques such as Remote Desktop Protocol (RDP), Kerberos Service Principal Name (SPN), or Microsoft Active Directory for lateral movement and privilege escalation.
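One way to hunt for the 'impossible travel' and unusual MFA registration indicators named above, as an added example that is not taken from the advisory. The event tuples, the 900 km/h speed ceiling, the 50 km geolocation tolerance and the one-hour MFA window are assumptions, and the sign-in data is constructed.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed sample sign-in events (not from the advisory):
# (user, UTC time, latitude, longitude, event type); coordinates assumed to come from geo-IP.
EVENTS = [
    ("alice", "2024-10-01T08:00:00", 38.90, -77.04, "login"),        # Washington, DC
    ("alice", "2024-10-01T09:30:00", 1.35, 103.82, "login"),         # Singapore, 90 min later
    ("alice", "2024-10-01T09:40:00", 1.35, 103.82, "mfa_register"),
    ("bob", "2024-10-01T08:00:00", 45.42, -75.70, "login"),          # Ottawa
    ("bob", "2024-10-01T14:00:00", 43.65, -79.38, "login"),          # Toronto, 6 h later
    ("bob", "2024-10-02T10:00:00", 43.65, -79.38, "mfa_register"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_suspicious(events, max_kmh=900.0, min_km=50.0, mfa_window=timedelta(hours=1)):
    """Return alerts for impossible travel and for MFA registrations that follow it."""
    alerts = []
    last_seen = {}   # user -> (time, lat, lon) of the previous event
    flagged_at = {}  # user -> time of the most recent impossible-travel hit
    parsed = sorted((u, datetime.fromisoformat(t), la, lo, k) for u, t, la, lo, k in events)
    for user, ts, lat, lon, kind in parsed:
        prev = last_seen.get(user)
        if prev and kind == "login":
            hours = (ts - prev[0]).total_seconds() / 3600
            dist = haversine_km(prev[1], prev[2], lat, lon)
            # Ignore small geo-IP jitter; zero elapsed time over real distance is also
            # impossible, so test it first to avoid dividing by zero.
            if dist > min_km and (hours <= 0 or dist / hours > max_kmh):
                alerts.append((user, "impossible_travel", ts.isoformat()))
                flagged_at[user] = ts
        if kind == "mfa_register" and user in flagged_at and ts - flagged_at[user] <= mfa_window:
            alerts.append((user, "mfa_after_impossible_travel", ts.isoformat()))
        last_seen[user] = (ts, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious(EVENTS):
        print(alert)
```

VPN egress points and mobile carrier routing produce false positives with this kind of check, so alerts are best correlated with device and MFA registration history before escalation.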

To mitigate the threat, organizations are advised to review their password management, implement phishing-resistant multifactor authentication (MFA), and provide regular cybersecurity training to their users. The campaign has been targeting healthcare, government, information technology, engineering, and energy sectors, highlighting the need for robust security measures across all critical infrastructure.

The joint advisory follows a similar warning issued in November 2022, which detailed an Iran-backed cyber campaign targeting multiple critical infrastructure sectors over more than a year. Organizations are urged to remain vigilant and take necessary steps to protect their networks from potential threats.
