ACSC issues joint warning about cyber attacks on critical infrastructure

The Australian Cyber Security Centre is urging Australian critical infrastructure organisations to step up cyber security amid an international warning about Iranian state-sponsored attacks.

The warning follows a joint alert released on September 14 by the ACSC and international cyber security partners in the US, Canada and the UK.

The ACSC says the Islamic Revolutionary Guard Corps (IRGC), described as a government agency tasked with defending the Iranian regime against internal and external threats, is “actively targeting a broad range of entities, including entities across multiple US critical infrastructure sectors as well as United Kingdom, Australian and Canadian organisations”.

It urges Australian organisations, especially those in the critical infrastructure sector, to prepare for and mitigate against attacks.

Ransom operations

IRGC-affiliated actors are using network access for disk encryption and data extortion to support ransom operations, the advisory says.

“After gaining acces, the IRGC-affiliated APT actors likely to determine a course of action based on their perceived value of the data,” the advisory says.

“Depending on the perceived value, the actors may encrypt data for ransom and/or exfiltrate data. The actors may sell the data or use the exfiltrated data in extortion operations or ‘double extortion’ ransom operations where a threat actor uses a combination of encryption and data theft to pressure targeted entities to pay ransom demands.”

The ACSC says agencies should take action including updating systems, implementing multi-factor authentication and making offline backups of data.

The current advisory updates 2021 advice about Iranian government-sponsored APT actors exploiting Microsoft Exchange and Fortinet vulnerabilities.

Since the activity was reported in 2021, these IRGC-affiliated actors have continued to exploit known vulnerabilities for access, the ACSC says.

This joint Cybersecurity Advisory (CSA) follows an operation by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), US Cyber Command Cyber National Mission Force (CNMF), the Department of the Treasury (DoT), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS).

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at  

Sign up to the Government News newsletter

Leave a comment:

Your email address will not be published. All fields are required