U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign
In a joint statement issued earlier today, cybersecurity and intelligence agencies from Australia, Canada, and the United States warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. The warning comes as the three countries continue to investigate a series of high-profile cyberattacks that have targeted healthcare and transportation organizations in recent months.
According to the statement, Iranian actors have used brute-force and password-spraying techniques to compromise user accounts and obtain access to sensitive data since October 2023. The attacks have been directed at a range of industries, including healthcare, transportation, energy, and financial services.
The warning is the latest in a series of alerts issued by Western governments about Iranian cyber activity. In June 2023, the U.S. Department of Homeland Security warned that Iranian hackers were stepping up their efforts to target critical infrastructure, including energy and financial systems. The following month, the FBI and the UK’s National Cyber Security Centre issued a joint alert about a new wave of cyberattacks linked to Iran.
The attacks have been linked to a group known as “APT33,” which is believed to be backed by the Iranian government. APT33 has been active since at least 2013 and has been linked to several high-profile attacks, including a 2017 breach of the U.S. Department of Defense’s computer system.
The latest campaign is believed to be part of a larger effort by Iran to disrupt critical infrastructure in Western countries. In June, the U.S. accused Iran of carrying out a series of cyberattacks on oil and gas companies in the Middle East, as well as a major attack on Saudi Arabia’s state-owned oil company, Aramco.
The warning from the U.S., Australia, and Canada comes as tensions between Iran and Western countries continue to escalate. In June, Iran shot down a U.S. drone, sparking a series of retaliatory strikes by the U.S. on Iranian military targets. The situation has remained volatile since then, with both sides continuing to exchange hostilities.
The cyberattacks are seen as a key component of Iran’s strategy to disrupt its adversaries. In addition to targeting critical infrastructure, Iranian hackers have also been accused of launching attacks on media outlets and think tanks.
The U.S., Australia, and Canada are urging organizations in the targeted sectors to take immediate steps to protect themselves from the ongoing campaign. This includes implementing strong password policies, using multi-factor authentication, and regularly updating software and systems.
In a statement, a spokesperson for the U.S. Department of Homeland Security said, “We are taking this issue very seriously and are working closely with our partners in government and industry to monitor the situation and protect critical infrastructure.”
The Australian Cyber Security Centre also issued a statement, saying, “Australian organizations should be aware of the heightened risk of cyber attacks from Iranian actors and take steps to increase their cyber resilience.”
The Canadian Centre for Cyber Security added, “We urge all Canadian organizations to remain vigilant and take appropriate measures to protect themselves against these types of threats.”
As tensions between Iran and Western countries continue to rise, it is likely that the number of cyberattacks will also increase. It is essential for organizations in the targeted sectors to take proactive steps to protect themselves from these threats. By implementing strong security protocols and staying vigilant, they can minimize the risk of falling victim to these attacks.
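The brute-force and password-spraying activity described in the statement leaves different footprints in authentication logs: many failures against one account versus a few failures against many accounts. The following is an added example, not code from the agencies' statement; the event format, thresholds, and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune them to local login volume.
WINDOW_MIN = 30          # minutes of activity considered per source
SPRAY_ACCOUNTS = 4       # distinct accounts failed from one source
SPRAY_PER_ACCOUNT = 2    # spraying keeps per-account tries under lockout limits
BRUTE_FAILS = 5          # failures against a single account

# Constructed sample events: (minute, source_ip, account, outcome)
EVENTS = (
    [(i, "198.51.100.7", u, "fail") for i, u in enumerate(["alice", "bob", "carol", "dave"])]
    + [(4, "198.51.100.7", "erin", "ok")]
    + [(i, "203.0.113.9", "admin", "fail") for i in range(6)]
    + [(10, "192.0.2.15", "frank", "fail"), (11, "192.0.2.15", "frank", "ok")]
)

def classify_sources(events):
    """Return {source_ip: (label, accounts_to_review)} from login events."""
    by_ip = defaultdict(list)
    for minute, ip, account, outcome in sorted(events):
        by_ip[ip].append((minute, account, outcome))
    report = {}
    for ip, rows in by_ip.items():
        fail_times = [m for m, _, o in rows if o == "fail"]
        if not fail_times:
            continue  # sources with no failures are not scored
        start = fail_times[0]
        # Fixed window that opens at the source's first failed login.
        window = [r for r in rows if start <= r[0] <= start + WINDOW_MIN]
        fails = defaultdict(int)
        for _, account, outcome in window:
            if outcome == "fail":
                fails[account] += 1
        if max(fails.values()) >= BRUTE_FAILS:
            label = "brute_force"
        elif len(fails) >= SPRAY_ACCOUNTS and max(fails.values()) <= SPRAY_PER_ACCOUNT:
            label = "password_spray"
        else:
            label = "normal"
        # A successful login from a flagged source marks an account to review and reset.
        hits = sorted({a for _, a, o in window if o == "ok"}) if label != "normal" else []
        report[ip] = (label, hits)
    return report

if __name__ == "__main__":
    for ip, (label, hits) in classify_sources(EVENTS).items():
        print(ip, label, hits)
```

Per-account lockout counters alone catch the second pattern but not the first, which is why the per-source count of distinct accounts is scored separately.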