Iran Threat Overview and Advisories

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Iran state-sponsored cybersecurity activity.

Iranian government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices. Recent Iranian state-sponsored activity includes malicious cyber operations against operational technology devices by Islamic Revolutionary Guard Corps (IRGC)-affiliated advanced persistent threat (APT) cyber actors. The following actions are key to strengthening operational resilience against this threat:

Rapidly mitigate external vulnerabilities, especially in network edge devices and appliances.
Do not connect control systems directly to the public internet.
Use strong unique passwords with different accounts for monitoring and changing control systems.

Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest

CISA, FBI, DC3, and NSA strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors.

Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest

Outline of the country of Iran with flag and binary number background.

Iranian Cyber Actors' Brute Force and Credential Activity Compromises Critical Infrastructure Organizations

The U.S. government and international partners have attributed cyber intrusions on critical infrastructure organizations to Iranian cyber actors. This advisory provides the actors’ TTPs and IOCs derived from FBI engagement with impacted entities.

View Advisory