CISA and FBI issue joint advisory on Iranian government-sponsored APT actors compromising federal network

In the USA, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigations (FBI) have issued a cybersecurity advisory regarding an incident at a Federal Civilian Executive Branch (FCEB). Having assessed that the FCEB network was compromised by Iranian government-sponsored advanced persistent threat (APT) actors, the two entities provided details on the actors’ tactics, techniques, and procedures. One of the findings was that the cyber threat actors exploited the Log4Shell vulnerability in an unpatched VMware Horizon server. As such, organisations with affected VMware systems that did not immediately apply available patches or workarounds were advised toto assume compromise and initiate threat-hunting activities.