The National Security Agency, alongside partner agencies like the FBI and the Cybersecurity and Infrastructure Security Agency, has released a joint cybersecurity advisory concerning efforts by Iranian cyber actors to compromise the systems belonging to various critical infrastructure—or CI—sectors.
Table of Contents
Attack Objectives
The NSA said Wednesday that since 2023, Iranian cyber actors have been using brute force and other techniques to break into systems used by energy, government, healthcare and other CI organizations. MITRE ATT&CK defines brute force as the attempt by an attacker to systematically guess the target system’s password via “a repetitive or iterative mechanism.”
Once the Iranian attackers gain access, they work to enable persistent access by modifying multifactor authentication registrations. They also steal more credentials to sell on criminal forums.
Purpose of the Advisory
The joint cybersecurity advisory seeks to provide readers with recommendations on how to detect brute force activity on their systems. The document also offers recommendations on how to mitigate such activities.
“We explain the tactics, techniques, and procedures used by the Iranian actors, as well as indicators of compromise,” NSA Cybersecurity Director Dave Luber explained.
“Our agencies are sharing detailed insight into this malicious cyber activity and what organizations can do to shore up their defenses,” Luber added.