Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) with technical details on cyber activity by Iranian state-sponsored threat actors that launched a destructive cyberattack against the government of Albania. Members are encouraged to review this advisory for greater understanding of adversary capabilities and behaviors and for recommended mitigations to protect systems from similar threats – irrespective of threat group or victimology.

In July, Iranian cyber actors launched a destructive cyber attack against the Government of Albania which rendered websites and services unavailable. According to the CSA, “Iranian state cyber actors acquired initial access to the victim’s network approximately 14 months before launching the destructive cyber attack which included a ransomware-style file encryptor and disk wiping malware. The actors maintained continuous network access for approximately a year, periodically accessing and exfiltrating e-mail content.” The advisory includes further technical details regarding this activity, including indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the Iranian threat actors. It also provides recommended mitigations to assist network defenders.

To report suspicious or criminal activity related to information found in advisory, contact your local FBI field office, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937, or by e-mail at CyWatch@fbi.gov. If you have any further questions, or to request incident response resources or technical assistance related to these threats, contact CISA at CISAServiceDesk@cisa.dhs.gov. Access the full advisory at CISA.