The increase in activities by the Iranian APT requires increased vigilance!
An increase in activity by the Iranian APT has been noted recently.
After the cyber attacks discovered on July 17, 2022, Albania became the first country in the world to cut off diplomatic relations due to a cyber attack! At that time, specialized domestic agencies and international strategic partners addressed and assisted in the handling of the sophisticated attack, orchestrated by actors sponsored by the Islamic Republic of Iran.
In February 2022, CISA, the Federal Bureau of Investigation (FBI), the U.S. Cyber Command Cyber National Mission Force (CNMF), the UK National Cyber Security Centre (NCSC-UK) and the National Security Agency (NSA) released a joint statement regarding monitoring of the Iranian government-sponsored APT MuddyWater, an Iranian APT which targeted the defense, oil and natural gas, local government and telecommunications industries.
The tactics and techniques of the APT activity are analyzed in this article: https://www.avertium.com/resources/threat-reports/iranian-cyber-threats-apt42-andhomeland
The attack, which aimed to avoid detection and cause maximum damage, is also analyzed in the article below, which concludes with tips for monitoring remote access programs, as well as monitoring for expired certificates that can be used to run malware.
https://securelist.com/ransomware-and-wiper-signed-with-stolen-certificates/108350/
AKCESK, in its capacity as the Authority responsible for cyber security, reminds the operators of critical infrastructures of the importance of applying cyber security measures and increasing vigilance against these global attacks.