Executive Summary
The death of Qasem Soleimani in a U.S. airstrike increases the likelihood that Iran will seek to retaliate against U.S. assets using destructive malware. However, given the complexity of such attacks, the timing of any potential action is uncertain.
APT33’s link to the Islamic Revolutionary Guard Corps (IRGC), Iran’s demonstrated willingness to employ destructive tools, and the continued deterioration of U.S.-Iranian relations heighten the risk of cyber retaliation.
U.S. oil and natural gas, financial, and critical infrastructure entities, as well as organizations with operations in the Middle East, should be on high alert for all Iran-sponsored activity.
Potentially impacted organizations should prioritize detection of the initial stages of intrusions and implement mitigations against techniques previously observed from Iranian groups.
Threat Detail
The United States Department of Defense has stated, and Iranian state media has confirmed, that Qasem Soleimani, the commander of the elite Iran Revolutionary Guard Corps – Quds Force (IRGC-QF), was killed by a United States airstrike. This represents a significant escalation in the confrontation between the United States and Iran, and it could lead to cyber attacks against the interests of the U.S. and its allies. Iran’s President Hassan Rouhani stated that Iran would “take revenge.” Iran has significant cyber capabilities and has previously used them to retaliate for actions against Iran.
For further information contact us at: info@CherubAS.com or call (407) 416-7955