In a Cybersecurity Advisory released today, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), NSA, U.S. Cyber Command, the Department of the Treasury, and international partners reveal how Iranian cyber actors continue to exploit known vulnerabilities on unprotected networks to extort and ransom victims, including U.S. critical infrastructure organizations.
In “Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations,” agencies from four nations provide specific examples of IRGC-affiliated cyber actors exploiting Fortinet, Microsoft Exchange, and VMware Horizon Log4j vulnerabilities to gain initial access to systems. The actors then used that access for disk encryption and data extortion to support ransom operations.