Warning Issued on Escalating Cyber and Physical Threats Amid U.S.-Israeli Campaign
A coalition of threat intelligence organizations issued a dire warning on Wednesday, indicating that the ongoing bombing campaign by the U.S. and Israel has heightened the probability of retaliatory cyberattacks from actors affiliated with Iran, as well as physical assaults from extremist factions.
The coalition, spearheaded by the Food and Agriculture Information Sharing and Analysis Center in conjunction with the Information Technology-ISAC, cautioned that state-sponsored entities, hacktivist collectives, and criminal organizations are poised to target critical infrastructure within the U.S., employing various methodologies, including spear-phishing and the exploitation of stolen credentials.
“Iranian operatives possess significant capabilities and frequently exhibit increased activity during periods of geopolitical turbulence,” remarked Scott Algeier, executive director of IT-ISAC, while speaking to Cybersecurity Dive.
The intent of this advisory is to bridge the disparity in intelligence dissemination between governmental outputs and the comprehensive resources of participating Information Sharing and Analysis Centers (ISACs).
A total of ten organizations took part in this collective advisory effort, including Health-ISAC, WaterISAC, and National Defense ISAC, among others.
Information security teams are being urged to adopt preventive protocols, vigilantly monitor for anomalies, back up critical data, implement multifactor authentication, and prepare for incident response scenarios.
This alert comes in the wake of confirmed assaults attributed to pro-Iran hacktivists and factions linked to the Iranian regime.
In recent weeks, several U.S. corporations have become targets for cyber incursions, either by hacktivist factions or state-contracted threat actors.
On Wednesday, medical device manufacturer Stryker fell victim to a suspected wiper attack, disrupting its Microsoft environment significantly.
The Cybersecurity and Infrastructure Security Agency (CISA) announced it is closely monitoring the Iranian threat landscape, particularly amid a partial government shutdown that directly impacts the Department of Homeland Security.
“We are collaborating closely with our public and private sector partners as we continue to gather pertinent information and provide technical assistance regarding the targeted assault on Stryker while remaining vigilant in our commitment to safeguard our nation’s critical infrastructure,” stated CISA Acting Director Nick Andersen in a report to Cybersecurity Dive. “In response to all cyber incidents, we have initiated an inquiry into this situation.”
Researchers from Symantec and Carbon Black reported that a state-backed threat actor, known as Seedworm or MuddyWater, has been infiltrating the networks of several U.S. companies since early February, implanting malicious backdoors.
The advisory further cites specific attacks since early March, including a Distributed Denial of Service (DDoS) assault from the pro-Russia hacktivist group NoName057(16) that targeted Israeli organizations on March 4.
Moreover, the coalition cautions that government-affiliated sleeper cells, lone wolf sympathizers, and others may resort to physical aggression as a reprisal related to the ongoing conflict.
Notably, at least two clerics in Iran have issued fatwas—religious edicts—calling for vengeance in response to the assassination of Iran’s former Supreme Leader Ali Khamenei at the onset of the bombing campaign.
Source link: Cybersecuritydive.com.
