Updated on 2022-11-07: Iranian threat actors
The security team at the US Department of Health and Human Services has a summary [PDF] of Iran-based threat actors and their most common TTPs.
Overview: US HHS Brief on Iranian Threat Actors and Healthcare
The US Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center has published an alert detailing information about Iranian threat actors conducting attacks against organizations in the healthcare sector. The brief includes an analysis of the Iranian cyberattack landscape, attack analysis, and tactics, techniques, procedures, and mitigations.
Note
- While the alert is specific to Iranian threat actors, the underlying cyberattack techniques employed are common across all threat actors. The CIS Community Defense Model uses the MITRE ATT&CK framework to document those common attack techniques into the top five attack patterns and then measures the effectiveness of the critical security controls in disrupting each of those attacks. At the end of the day, organizations want to defend themselves against cyberattack by every threat actor.
- Whether or not you see yourself as a target from Iranian threat actors, leverage the briefing, taking the listed TTPs to tabletop exercises to make sure that you’re covered for these attack vectors. Make sure that you test those assumptions and address gaps.
Read more in
