The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified an Iran-based cyber actor that is exploiting a virtual private network and targeting several Federal agencies, according to a joint advisory released this week.

By observing tactics, techniques, and procedures (TTPs), CISA said the Iran-based actor “has been observed exploiting several publicly known Common Vulnerabilities and Exposures (CVEs) dealing with Pulse Secure virtual private network (VPN), Citrix NetScaler, and F5 vulnerabilities.” The advisory continues, “This threat actor used these vulnerabilities to gain initial access to targeted networks and then maintained access within the successfully exploited networks for several months using multiple means of persistence.”

CISA and FBI conclude the advisory by making nearly a dozen recommendations, including implementing multi-factor authentication, routinely auditing configuration and patch management programs, and keeping software up to date.

Read More About
More Topics
Dwight Weingarten
Dwight Weingarten
Dwight Weingarten is a MeriTalk Staff Reporter covering the intersection of government and technology.