CyberSecurity Advisory Iran

InfusionPoints is providing this cybersecurity advisory to our customers and contacts as a community service.

The Cybersecurity and Infrastructure Security Agency (CISA) within the US Department of Homeland Security (DHS) is sharing the following information with the cyber security community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:

  1. Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
  2. Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
  3. Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).
  4. Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.

The U.S. intelligence community and various private sector threat intelligence organizations have identified the Islamic Revolutionary Guard Corps (IRGC) as a driving force behind Iranian state-sponsored cyberattacks, either through contractors in the Iranian private sector or by the IRGC itself.

Iranian Cyber Activity

According to open-source information, offensive cyber operations targeting a variety of industries and organizations—including financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base—have been attributed, or allegedly attributed, to the Iranian government.

You should ensure that your firewalls, security information and event management (SIEM) systems, or other threat detection systems or services are monitoring for any activity or suspicious behavior from the following IP addresses, which have been linked to Iranian cyber activity. Note that InfusionPoints VNSOC360 customers are already being monitored at a heightened level of awareness, and our cybersecurity center is actively monitoring and tracking this threat.
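
As an added illustration of the monitoring step above (example code, not part of the original advisory), the following Python snippet checks firewall log lines against an IP watchlist. The watchlist entries, the log lines and the rule that a bare entry ending in .0 denotes a /24 are constructed assumptions for this example; it matches on address-in-network membership rather than on substrings, so a listed host such as 192.0.2.15 does not also flag 192.0.2.150.

```python
import ipaddress
import re

# Constructed watchlist for this example: RFC 5737 documentation addresses
# stand in for the advisory's indicators. Entries may be hosts or CIDR
# blocks; a bare entry ending in .0 is read as a /24 (an assumption).
WATCHLIST = ["192.0.2.15", "198.51.100.0", "203.0.113.64/26"]

# Constructed firewall log lines in a syslog-like key=value format.
SAMPLE_LOGS = [
    "2020-01-06T10:01:12Z fw01 action=allow src=192.0.2.15 dst=10.0.0.5 dport=443",
    "2020-01-06T10:01:13Z fw01 action=deny src=192.0.2.150 dst=10.0.0.5 dport=22",
    "2020-01-06T10:02:44Z fw01 action=allow src=198.51.100.77 dst=10.0.0.8 dport=80",
    "2020-01-06T10:03:09Z fw01 action=allow src=10.0.0.5 dst=203.0.113.70 dport=8443",
]

# Capture both endpoints: an outbound connection to a listed address from an
# internal host is as important as an inbound one.
ENDPOINT_RE = re.compile(r"\b(?:src|dst)=(\d{1,3}(?:\.\d{1,3}){3})\b")


def build_networks(entries):
    """Turn watchlist entries into ip_network objects so the check is an
    address-in-network test, not a substring test (which would let
    '192.0.2.15' match 192.0.2.150)."""
    nets = []
    for raw in entries:
        raw = raw.strip()
        if "/" not in raw and raw.endswith(".0"):
            raw += "/24"
        nets.append(ipaddress.ip_network(raw, strict=False))
    return nets


def find_hits(log_lines, entries):
    """Return (line, matched_ip, matched_entry) for every endpoint that
    falls inside the watchlist; malformed addresses are skipped."""
    nets = build_networks(entries)
    hits = []
    for line in log_lines:
        for token in ENDPOINT_RE.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue
            net = next((n for n in nets if addr in n), None)
            if net is not None:
                hits.append((line, str(addr), str(net)))
    return hits
```

Each hit carries the original log line, so it can be forwarded to the SIEM as an alert with the matching watchlist entry attached.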

 

