U.S. warns of Iranian cyber threats on critical infrastructure

by Wire Tech

U.S. cyber agencies, the FBI, and NSA issued an urgent warning today about potential cyberattacks from Iranian-affiliated hackers targeting U.S. critical infrastructure.

CISA says there are no indications of an ongoing campaign but urges critical infrastructure organizations and other potential targets to monitor their defenses due to the current unrest in the Middle East and cyberattacks previously linked to Iran.

In a joint fact sheet, the cyber agencies warn that Defense Industrial Base (DIB) companies with ties to Israeli defense and research are at increased risk of being targeted. Other organizations in critical infrastructure sectors, including energy, water, and healthcare, are also considered potential targets.

The advisory warns that Iranian threat actors are known to exploit unpatched vulnerabilities or use default passwords to breach systems. This was seen when IRGC-affiliated Iranian threat actors breached a Pennsylvania water facility in November 2023 by hacking into Unitronics programmable logic controllers (PLCs) exposed online.

Iranian-affiliated hackers also work with or act as hacktivists, performing distributed denial-of-service (DDoS) attacks or defacing websites. These attacks are often conducted in conjunction with politically motivated messages, with the attackers promoting their activities on X and Telegram.

Iranian threat actors have also been observed utilizing ransomware or working as affiliates with Russian ransomware gangs, such as NoEscape, Ransomhouse, and ALPHV (also known as BlackCat). Many of these attacks were focused on Israeli companies, where they encrypted devices and leaked stolen data.

In some cases, the attackers used data wipers instead of ransomware to conduct destructive attacks on organizations.

Mitigating attacks

CISA, the DoD, the FBI, and the NSA are urging organizations to adopt the following best practices to protect against these threats:

  • Isolate OT and ICS systems from the public internet and restrict remote access.
  • Use strong, unique passwords for all online accounts and systems, changing all default account passwords.
  • Enable multi-factor authentication (MFA) for critical systems and authentication platforms.
  • Install all software updates, especially on internet-facing systems, to fix known vulnerabilities.
  • Monitor networks and servers for unusual activity.
  • Develop and test incident response plans to make sure that all backups and recovery plans are working.

For more information, organizations can read CISA's Iran Threat Overview and the FBI's Iran Threat web pages.


Original Article Published at Bleeping Computer
