FBI PIN 20200109-001: Notice on Iranian Cyber Tactics and Techniques

TLP White
(January 9, 2020)

The FBI assesses foreign cyber actors operating in the Islamic Republic of Iran, one of two nation-states known to have conducted destructive cyber attacks inside the United States, could potentially use a range of Computer Network Operations (CNO) against US-based networks in retaliation for last week’s strikes against Iranian military leadership. The FBI has observed an increase in Iranian cyber reconnaissance activity since last week’s strike. Among the most common and effective methods Iranian cyber actors use to conduct CNO are spear-phishing, virtual private network (VPN) vulnerability targeting, and password spray attacks, which enable remote access and allow Iran to gather information to counter perceived threats to their regime. Businesses and individuals in the United States whom this activity may target include those involved in industries of interest to Iran, including academia, government, cleared defense contractors, and non-governmental organizations focusing on Iranian issues.