Security Advisory

CISA Advisory: Iranian Threat Actors Targeting Critical Infrastructure

March 18, 2025 · Cyber One Solutions Security Team

Federal agencies including CISA, NSA, and FBI have issued a joint advisory warning that Iranian state-sponsored threat actors are actively targeting water, energy, and healthcare organizations across the United States using a combination of known vulnerabilities and social engineering.

The advisory identifies specific TTPs (tactics, techniques, and procedures) being used, including exploitation of known vulnerabilities in internet-facing systems, spear-phishing campaigns targeting IT and OT staff, and use of commodity malware to establish persistent access.

Key Recommendations

Organizations should immediately audit internet-facing systems for unpatched vulnerabilities, particularly in industrial control systems and VPN appliances. Multi-factor authentication must be enforced on all remote access points without exception.

Network segmentation between IT and OT environments is critical. Many organizations have allowed these environments to converge in ways that create unacceptable risk. If you cannot immediately segment, ensure you have visibility into all east-west traffic.
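One way to get a first view of IT/OT east-west traffic from exported flow records is sketched below. This is an added example, not code from the advisory or from Cyber One Solutions; the zone CIDRs, the allowlisted conduit, the CSV column names, and the flow records are all constructed assumptions to be replaced with your own address plan and flow export.

```python
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed zone layout; replace with your own address plan.
ZONES = {
    "IT": [ip_network("10.10.0.0/16")],
    "OT": [ip_network("10.20.0.0/16")],
}
# Assumed sanctioned IT<->OT conduits: (src, dst, dst_port).
ALLOWED = {("10.20.5.10", "10.10.8.20", 443)}  # OT historian -> IT reporting server

# Constructed flow records (not real traffic).
SAMPLE_FLOWS = """ts,src,dst,dport,proto,bytes
2025-03-18T09:00:01Z,10.10.3.44,10.10.8.20,443,tcp,5120
2025-03-18T09:00:05Z,10.20.5.10,10.10.8.20,443,tcp,20480
2025-03-18T09:01:12Z,10.10.3.44,10.20.7.15,502,tcp,840
2025-03-18T09:01:40Z,10.10.3.44,10.20.7.15,502,tcp,910
2025-03-18T09:02:03Z,10.10.9.7,10.20.7.16,3389,tcp,66000
2025-03-18T09:02:30Z,10.20.7.15,10.20.7.16,44818,tcp,300
2025-03-18T09:03:00Z,10.10.3.44,not-an-ip,80,tcp,10
"""

def zone_of(addr):
    """Return the zone name for an address, or None if outside all zones or unparsable."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return None
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return None

def cross_zone_flows(flow_csv):
    """Count unsanctioned flows crossing the IT/OT boundary, keyed by (src, dst, dport)."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src_zone, dst_zone = zone_of(row["src"]), zone_of(row["dst"])
        if None in (src_zone, dst_zone) or src_zone == dst_zone:
            continue  # same-zone, external, or malformed record
        key = (row["src"], row["dst"], int(row["dport"]))
        if key not in ALLOWED:
            hits[key] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, port), n in cross_zone_flows(SAMPLE_FLOWS).most_common():
        print(f"{zone_of(src)}->{zone_of(dst)} {src} -> {dst}:{port} flows={n}")
```

Each reported tuple is a candidate for either a documented conduit entry or a firewall rule once segmentation is in place.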

Credential hygiene remains the number one issue. Default passwords, shared credentials, and accounts that have not been reviewed in over 90 days are appearing in virtually every incident response engagement we participate in.

For organizations that operate critical infrastructure or serve clients who do, we strongly recommend an immediate review of your current security posture against the NIST CSF. Contact our team for a rapid assessment.