Joint cyber security advisory on Iranian Islamic Revolutionary Guard Corps-affiliated cyber actors exploiting vulnerabilities for data extortion and ransom operations

September 14, 2022

CSE’s Canadian Centre for Cyber Security (Cyber Centre) joined cyber security partners from the United Kingdom’s National Cyber Security Centre (NCSC-UK), the Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), U.S. Cyber Command Cyber National Mission Force (CNMF), the Department of the Treasury (DoT), and the Federal Bureau of Investigation (FBI) in issuing a joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by advanced persistent threat (APT) actors that the authoring agencies assess are associated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).

This advisory updates a previous joint CSA from November 2021, which described Iranian government-sponsored APT actors exploiting known Fortinet® and Microsoft Exchange® vulnerabilities to gain initial access to a broad range of victims in furtherance of malicious activities, including ransom operations. The authoring agencies now judge that these actors are an APT affiliated with the IRGC, and that some of the activity is for the actors’ personal profit.

Today’s advisory includes observed tactics and techniques, as well as indicators of compromise (IOCs), that the cyber security agencies of Canada, the UK, the U.S., and Australia assess are likely associated with this IRGC-affiliated activity. The authoring agencies urge organizations, especially critical infrastructure organizations, to apply the recommendations listed in the Mitigations section of the advisory to reduce the risk of compromise by these IRGC-affiliated cyber actors.

More information on this joint advisory.