CISA Issues Guidance to Counter Iran's Election Interference
CISA and FBI Warn of Iranian Hackers Targeting US Political Campaigns and Officials
The U.S. cyber defense agency unveiled mitigation strategies and key recommendations Tuesday to help Americans involved in national political organizations counter escalating cyber threats from Iran aimed at undermining confidence in democratic institutions.
The Cybersecurity and Infrastructure Security Agency and FBI published guidance warning that cyber actors tied to Iran's Islamic Revolutionary Guard Corps are using social engineering tactics through email and chat applications to compromise the accounts of senior government officials, think tank personnel, journalists, activists and lobbyists.
Iranian threat actors impersonate personal or professional contacts of potential victims and direct them to "a spoofed, or convincing but fake, email login page" before eventually gaining access to the victim's accounts.
The FBI confirmed in August that Iran hacked the campaign of Republican presidential nominee Donald Trump. Iran and Russia have "sought access to individuals with direct access to the presidential campaigns of both political parties" through social engineering and other influence efforts, the bureau said at the time (see: FBI Confirms Iranian Hack Targeting Trump Campaign).
Reports have consistently warned of Iranian nation-state hackers working throughout the entire 2024 election cycle to undermine confidence in the November vote. A recent Google report found the Iranian cyberespionage group tracked as APT42 launched a phishing campaign targeting candidates from both political parties (see: Iran Still Attempting to Hack US Elections: Google).
CISA and the FBI on Tuesday urged targeted Americans to watch out for unsolicited contact from individuals claiming to use new accounts or phone numbers, as well as any unusual email requests or accounts attempting to pass links or files through social media. Email messages with suspicious alerts and unsolicited email messages with shortened links should also be treated with caution, according to the guidance.
The federal agencies also encouraged U.S. citizens associated with national campaigns to use phishing-resistant multifactor authentication for all email, social media and collaboration tools, as well as a password manager to generate strong, unique passwords for each of their accounts. The guidance recommended that users not access putative alerts sent through emails, chat messages or social media accounts and instead verify the legitimacy of an alert by visiting the site in question directly.
Organizations associated with national campaigns can also help prevent or mitigate spearphishing and other cyberattacks by requiring the use of strong MFA protocols and enterprise password managers, and by training staff to confirm unusual or suspicious messages from known and unknown contacts. Campaigns and other groups can also enable alerts for suspicious activity and recommend that employees routinely update the software on their personal devices to further enhance security.
"IRGC cyber actors pose an ongoing and escalating risk," CISA Executive Assistant Director for Cybersecurity Jeff Greene said in a statement accompanying the guidance, adding that CISA and the FBI are working closely to "provide timely, actionable information that helps our partners reduce their risk from myriad threats."