The Iranian-government affiliated IRGC is targeting a range of entities, across multiple US critical infrastructure sectors as well as UK, Australian and Canadian organisations

The Australian Cyber Security Centre is urging Australian critical infrastructure organisations to step up cyber security amid an international warning about Iranian state-sponsored attacks.

The warning follows a joint alert released on September 14 by the ACSC and international cyber security partners in the US, Canada and the UK.

The ACSC says the Islamic Revolutionary Guard Corps (IRGC), described as a government agency tasked with defending the Iranian regime against internal and external threats, is “actively targeting a broad range of entities, including entities across multiple US critical infrastructure sectors as well as United Kingdom, Australian and Canadian organisations”.

It urges Australian organisations, especially those in the critical infrastructure sector, to prepare for and mitigate against attacks.

Ransom operations

IRGC-affiliated actors are using network access for disk encryption and data extortion to support ransom operations, the advisory says.

“After gaining acces, the IRGC-affiliated APT actors likely to determine a course of action based on their perceived value of the data,” the advisory says.

“Depending on the perceived value, the actors may encrypt data for ransom and/or exfiltrate data. The actors may sell the data or use the exfiltrated data in extortion operations or ‘double extortion’ ransom operations where a threat actor uses a combination of encryption and data theft to pressure targeted entities to pay ransom demands.”

The ACSC says agencies should take action including updating systems, implementing multi-factor authentication and making offline backups of data.

The current advisory updates 2021 advice about Iranian government-sponsored APT actors exploiting Microsoft Exchange and Fortinet vulnerabilities.

Since the activity was reported in 2021, these IRGC-affiliated actors have continued to exploit known vulnerabilities for access, the ACSC says.

This joint Cybersecurity Advisory (CSA) follows an operation by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), US Cyber Command Cyber National Mission Force (CNMF), the Department of the Treasury (DoT), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS).

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@governmentnews.com.au.

Sign up to the Government News newsletter

Staff Writers

ACSC issues joint warning about cyber attacks on critical infrastructure

Ransom operations

TAGS

Leave a comment: Cancel reply

Latest comments

Anthony Gleeson on: Victorian infrastructure set to fail as climate change bites: report

Sue Phillips on: 15 councils participate in SA emissions reduction trial

Garth Daddy on: War memorial contracts fudged, audit finds

Most read

Scathing report finds little has changed at PwC

CEO on leave as minister launches probe into council

Qld council welcomes progress on massive battery system

‘Local’ procurement turns out not to be so local, committee hears

MoG changes see regions, investment return to NSW Premier’s Department

Popular posts

Latest news

Government offloads Airservices boss

New laws introduced to clean up local government

City of Perth to hit tree vandals with $5000 fines

Challenges loom for Sydney Trains, panel warns

Queensland seeks permanent Victim’s Commissioner