Original release date: December 3, 2020
Iranian cyber threat actors have been continuously improving their offensive cyber capabilities. They continue to engage in more conventional offensive cyber activities ranging from website defacement, distributed denial of service (DDoS) attacks, and theft of personally identifiable information (PII), to more advanced activities—including social media-driven influence operations, destructive malware, and, potentially, cyber-enabled kinetic attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Joint Cybersecurity Advisory AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities and Activity Alert AA20-133A: Top 10 Routinely Exploited Vulnerabilities for information on known Iranian advanced persistent threat (APT) actor tactics, techniques, and procedures (TTPs).
For more information on Iranian cyber threats, review the following products.
This product is provided subject to this Notification and this Privacy & Use policy.
Update (07/24/2025): CISA continues to update reporting on this ongoing activity, as threat actor tactics,…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA released nine Industrial Control Systems (ICS) advisories on July 22, 2025. These advisories provide…
CISA released six Industrial Control Systems (ICS) advisories on July 24, 2025. These advisories provide…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, in partnership with the Federal Bureau of Investigation (FBI), the Department of Health and…
This website uses cookies.