ACTION-DISTRO: Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations
The FBI, CISA, NSA, Canada’s CSE, the AFP, and Australia’s ACSC have issued a joint Cybersecurity Advisory alerting network defenders to Iranian cyber actors targeting multiple critical infrastructure sectors—including healthcare, government, IT, engineering, and energy—using brute force techniques, such as password spraying and MFA push bombing, to compromise accounts. Since October 2023, these actors have been accessing organizations’ networks to obtain credentials and network information, which they then likely sell on cybercriminal forums. The advisory details these tactics, lists indicators of compromise, and recommends that critical infrastructure organizations strengthen account security by using strong passwords and implementing multi-factor authentication.