
Iran Threat Overview and Advisories
CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Iran state-sponsored cybersecurity activity.
Iranian government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices. Recent Iranian state-sponsored activity includes malicious cyber operations against operational technology devices by Islamic Revolutionary Guard Corps (IRGC)-affiliated advanced persistent threat (APT) cyber actors. The following actions are key to strengthening operational resilience against this threat:
- Rapidly mitigate external vulnerabilities, especially in network edge devices and appliances.
- Do not connect control systems directly to the public internet.
- Use strong, unique passwords, with different accounts for monitoring and for changing control systems.

Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest
CISA, FBI, DC3, and NSA strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors.

Iranian Cyber Actors' Brute Force and Credential Activity Compromises Critical Infrastructure Organizations
The U.S. government and international partners have attributed cyber intrusions on critical infrastructure organizations to Iranian cyber actors. This advisory provides the actors’ TTPs and IOCs derived from FBI engagement with impacted entities.

Key Resources

Defending Against Nation-State Cyber Threats
Find more information on nation-state adversaries and related resources.

Physical Security
Find preventative and protective strategies to strengthen physical security.

Securing Public Gatherings
Find more information on mitigating security risks associated with public gatherings.

CISA Voluntary Cyber Incident Reporting
This resource is designed to help entities that may be considering voluntarily reporting cyber incidents understand “who” CISA recommends report an incident, “why and when” CISA recommends they report, as well as “what and how to report.”