The Federal Bureau of Investigation (FBI), U.S. Cyber Command - Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC) [1]. This IRGC cyber activity is targeted against individuals with a nexus to Iranian and Middle Eastern affairs, such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists. Additionally, FBI has observed these actors targeting persons associated with US political campaign activity, likely in support of information operations.
The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various sectors worldwide, including but not limited to entities in their respective countries.
This advisory provides observed tactics, techniques, and indicators of compromise (IOCs) that the authoring agencies assess are likely associated with cyber actors working on behalf of IRGC. The authoring agencies urge individuals in targeted groups to apply the recommendations listed in the Mitigations section of this advisory to reduce the risk of compromise from these cyber actors. For more information on Iranian state-sponsored malicious cyber activity, see the FBI’s Iran Threat webpage.
[1] The IRGC is an Iranian Government agency tasked with defending the Iranian Regime from perceived internal and external threats.