The U.S. government and international cybersecurity authorities have issued a joint advisory on Iranian government-backed advanced persistent threat actors who exploit known vulnerabilities to gain access to networks in support of data extortion and disk-encryption ransom operations.
The advisory describes the Microsoft Exchange, Fortinet and VMware Horizon Log4j vulnerabilities that cyberthreat actors linked to Iran's Islamic Revolutionary Guard Corps exploit to gain initial access to U.S. critical infrastructure organizations and other targeted entities, the National Security Agency said Wednesday.
NSA, U.S. Cyber Command, the Cybersecurity and Infrastructure Security Agency, the FBI and the Department of the Treasury co-authored the advisory with the cybersecurity agencies of Australia, Canada and the U.K.
The agencies recommend that organizations using Fortinet devices, VMware Horizon applications and Microsoft Exchange servers investigate their networks for malicious activity and implement several mitigation measures.
These measures include implementing backup and restoration policies and procedures; patching and updating systems; using multifactor authentication; implementing network segmentation; and assessing and updating blocklists and allowlists.