The FBI has published a TLP:WHITE Private Industry Notification (PIN) providing context and recommendations to protect against malicious activity by Iranian cyber group Emennet Pasargad. While some of the Emennet’s  most notable cyber activities have involved information operations, particularly election interference activities, it has also conducted traditional cyber exploitation activity targeting several sectors, including oil and petrochemical, financial, and telecommunications, in the U.S., Europe, and the Middle East.

The FBI has found multiple tactics, techniques, and procedures (TTPs) associated with this adversary, including using VPN services to obfuscate the origin of its activity; exploiting specific software applications, like Wordpress; and using the open-source penetration testing tool SQLmap, among others. The PIN includes further technical details regarding this activity, including Common Vulnerabilities and Exposures (CVEs), and lists recommended mitigations. The FBI also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or CyWatch@fbi.gov. 

Access the Full Report Below.