
CISA warns US organisations to beware of Iranian cyber actors

The missiles and bombs may have stopped, but threats still lurk on the digital front lines.


The US Cybersecurity and Infrastructure Security Agency (CISA), alongside a raft of other security and law enforcement agencies, has released an advisory warning of the threat of increased malicious cyber activity by parties linked to Iran in the wake of the so-called 12-day war between Iran and Israel.

Given the United States’ role in bringing an apparent end to the conflict, CISA expects Iranian threat actors, both hacktivists and actors backed by the Iranian government, to target US entities, particularly those in the Defence Industrial Base or with links to Israel.

Iranian hackers, CISA warns, commonly take advantage of unpatched software with known vulnerabilities or devices with common or default passwords.

“These malicious cyber actors commonly use techniques such as automated password guessing, cracking password hashes using online resources, and inputting default manufacturer passwords,” CISA said in a 30 June advisory.

“When specifically targeting operational technology (OT), these malicious cyber actors also use system engineering and diagnostic tools to target entities such as engineering and operator devices, performance and security systems, and vendor and third-party maintenance and monitoring systems.”

Iranian actors and hacktivists are fond of a wide variety of disruptive attacks. Distributed denial-of-service attacks are common, as are website defacements, both designed to be publicly obvious and damaging to customer and brand trust. Iranian actors have also been observed working with ransomware affiliates to both steal sensitive data and conduct encryption operations.

Between November 2023 and January 2024, threat actors affiliated with the Iranian Islamic Revolutionary Guard Corps targeted dozens of US organisations in the water and wastewater, energy, food and beverage manufacturing, and healthcare and public health sectors. Internet-facing industrial control systems with factory-default passwords were a common attack vector, as were default Transmission Control Protocol (TCP) ports.

Hack-and-leak operations were also common during the period, with Iranian-linked actors using social media to amplify their attacks and harass victims.

“These operations resulted in financial losses and reputational damage for victims,” CISA said.

“The purpose of these campaigns was to undermine public confidence in the security of victim networks and data, as well as embarrass targeted companies and countries. While hacktivists primarily targeted Israeli companies, one instance involved a US internet protocol television (IPTV) company.”

As of writing, CISA has not identified any current campaigns, but the ongoing threat remains. You can read the full advisory here.

David Hollingworth


David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
