Original release date: November 17, 2021
CISA, the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a joint Cybersecurity Advisory highlighting ongoing malicious cyber activity by an advanced persistent threat (APT) group that FBI, CISA, ACSC, and NCSC assess is associated with the government of Iran. FBI and CISA have observed this Iranian government-sponsored APT exploit Fortinet and Microsoft Exchange ProxyShell vulnerabilities to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.
Joint Cybersecurity Advisory AA21-321A provides observed tactics and techniques, as well as indicators of compromise that FBI, CISA, ACSC, and NCSC assess are likely associated with this Iranian government-sponsored APT activity. FBI, CISA, ACSC, and NCSC urge critical infrastructure organizations to apply the recommendations listed in the advisory to mitigate risk of compromise from Iranian government-sponsored cyber actors.
CISA also recommends reviewing its Iran Cyber Threat Overview and other Iran-related Advisories.
This product is provided subject to this Notification and this Privacy & Use policy.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-41940 WebPros…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.