[CDP-development] CISA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities - TLP:WHITE

MASSE, THERESA theresa.masse at cisa.dhs.gov
Wed Nov 17 09:51:27 PST 2021


FYSA

CISA has released (TLP:WHITE) Current Activity: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities<https://us-cert.cisa.gov/ncas/current-activity/2021/11/17/iranian-government-sponsored-apt-cyber-actors-exploiting-microsoft>. CISA, the FBI, the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory<https://us-cert.cisa.gov/ncas/alerts/aa21-321a> highlighting ongoing malicious cyber activity by an APT group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran. FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.

Joint Cybersecurity Advisory AA21-321A<https://us-cert.cisa.gov/ncas/alerts/aa21-321a> provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity.

CISA Recommendation:

  *   apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors
  *   review Iran Cyber Threat Overview and other Iran-related Advisories<https://us-cert.cisa.gov/iran>

We kindly request any questions or feedback related to this product be reported to CISA at https://us-cert.cisa.gov/report, Central at cisa.dhs.gov, or 888-282-0870.

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov
