Joint Statement from CISA, FBI, DC3 and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran

Iranian state-sponsored or affiliated threat actors are known to conduct a range of targeted cyber activity to include exploit known vulnerabilities in unpatched or outdated software, compromise internet-connected accounts and devices that use default or weak passwords and work with ransomware affiliates to encrypt, steal and leak sensitive information.

At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, we are urging critical infrastructure organizations to stay vigilant to Iranian-affiliated cyber actors that may target U.S. devices and networks. We strongly urge organizations to review our joint fact sheet and implement recommended actions to strengthen our collective defense against this potential cyber activity.

 The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3) and the National Security Agency (NSA) are actively monitoring and coordinating with government, industry, and international partners to identify and share actionable intelligence and provide resources and assistance. We also strongly urge organizations report suspicious or criminal activity related to potential Iranian cyber activity.