Advice for Malicious Cyber Activity by Iran

Australian organisations are urged to be alert to continued malicious cyber activity conducted by Advanced Persistent Threat (APT) actors, assessed to be affiliated with the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC).

This advice follows a new joint Cybersecurity Advisory released by the Australian Cyber Security Centre (ACSC), in collaboration with our international cyber security partners.

This advisory updates a prior technical advisory from November 2021 detailing Iranian Government-sponsored APT cyber actors exploiting known vulnerabilities and provides new technical information about continued malicious cyber activity by the IRGC. It has been developed with the United States (Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, U.S. Cyber Command Cyber National Mission Force, Department of the Treasury), the United Kingdom (National Cyber Security Centre) and Canada (Canadian Centre for Cybersecurity).

The IRGC APT group is actively targeting a broad range of victims, including some Australian organisations.

Australian organisations are encouraged to review the technical advisory and detailed indicators of compromise associated with this APT group’s activities, as well as the recommended mitigations organisations can implement to bolster their cyber defences and protect against these attacks now.

Organisations can prepare for and mitigate potential cyber threats immediately by patching and updating systems, implementing multi-factor authentication, and enforcing backup policies and procedures, along with other vital mitigations.

All Australians are urged to report cybercrime and cyber security incidents to ReportCyber, or call the 24/7 Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).