Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activities—including social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks, warns the Cybersecurity and Infrastructure Security Agency (CISA).

CISA encourages users and administrators to review Joint Cybersecurity Advisory AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities and Activity Alert AA20-133A: Top 10 Routinely Exploited Vulnerabilities for information on known Iranian advanced persistent threat (APT) actor tactics, techniques, and procedures (TTPs).

For more information on Iranian cyber threats, review the following documents from CISA:

• Joint Cybersecurity Advisory AA20-304A: Iranian Advanced Persistent Threat Actor Identified Obtaining Voter Registration Data
• Joint Cybersecurity Advisory AA20-296B: Iranian Advanced Persistent Threat Actors Threaten Election-Related Systems
• Malware Analysis Report AR20-259A: MAR-10297887-1.v2 – Iranian Web Shells
• Activity Alert AA20-006A: Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
• CISA Insights: Increased Geopolitical Tensions and Threats