Iran-based cyber actors are compromising critical infrastructure networks using brute force attacks, such as password spraying and multi-factor authentication (MFA) push bombing, to compromise user accounts and obtain access to organisations’ networks.
We have released a joint advisory – Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure – in collaboration with our international partners. The advisory highlights the actors’ tactics, techniques, and procedures, as well as indicators of compromise, based on information from FBI engagements with entities impacted by this malicious activity.
Critical infrastructure organisations should follow the guidance provided in the advisory. At a minimum, organisations should:
- ensure all accounts use strong passphrases
- use multi-factor authentication (MFA), and ensure users with MFA-enabled accounts have MFA set up appropriately and deny MFA requests they have not generated.
To learn more about keeping your organisation’s credentials secure, read the advisory.