The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory encouraging heightened awareness for potential malicious cyber activity from Iranian threat actors. The advisory states these actors continue to engage in offensive cyber activities that range from the conventional, including website defacement and distributed denial of service attacks, to the more advanced, such as destructive malware. CISA observes these actors have been continuously improving their capabilities and recommends network users and administrators review a series of its past products for more information on this threat.
Continued Threats and Vulnerabilities
In January, CISA published an alert warning of a potential for Iranian offensive cyber activities in response to a recent U.S. military strike. In the alert CISA noted that Iran has a history of using cyber offensive activities to retaliate against perceived harm, and advised its partners - including critical infrastructure operators - to be vigilant given geopolitical developments. This alert and subsequent advisories and other products from CISA describe the activities Iranian cyber threat actors have engaged in, providing technical information to help protect against attacks. They also describe common and critical vulnerabilities that have been and could be exploited to facilitate attacks.
How to Report Activity
CISA encourages organizations that observe malicious or suspicious activity to call 1-888-282-0870, email CISAServiceDesk@cisa.dhs.gov, or visit its website.
Please also report any malicious or suspicious activities to WaterISAC, by emailing analyst@waterisac.org, calling 866-H2O-ISAC, or using the online incident reporting form.
WaterISAC will continue to monitor for additional information and share as appropriate.
- The WaterISAC Team
