CyberSecurity Advisory
InfusionPoints is providing this cybersecurity advisory to our customers and contacts as a community service.
The Cybersecurity and Infrastructure Security Agency (CISA) within the US Department of Homeland Security (DHS) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of offensive cyber activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:
- Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
- Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
- Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).
- Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.
The U.S. intelligence community and various private sector threat intelligence organizations have identified the Islamic Revolutionary Guard Corps (IRGC) as a driving force behind Iranian state-sponsored cyberattacks, either through contractors in the Iranian private sector or by the IRGC itself.
Iranian Cyber Activity
According to open-source information, offensive cyber operations targeting a variety of industries and organizations—including financial services, energy, government facilities, chemical, healthcare, critical manufacturing, communications, and the defense industrial base—have been attributed, or allegedly attributed, to the Iranian government.
You should ensure that your firewalls, security information and event management (SIEM) systems, or other threat detection systems or services are monitoring for any activity or suspicious behavior involving the following IP addresses, which have been linked to Iranian cyber activity. Note that InfusionPoints VNSOC360 customers are already being monitored at a heightened level of awareness, and our cybersecurity center is actively monitoring and tracking this threat.
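As an added example (not part of the CISA or InfusionPoints advisory), the following script shows the kind of indicator matching a SIEM or a quick offline triage job would perform: it pulls every IPv4 address out of firewall and proxy log lines and flags any that appear in the indicator set, in either the source or the destination position. The indicator subset and the log lines are constructed for illustration; the full list published with the advisory would be loaded in place of `IOC_IPS`.

```python
import ipaddress
import re
from collections import Counter

# Constructed subset of the advisory's indicator list; load the full published
# list here in practice.
IOC_IPS = frozenset({
    "109.125.162.92",
    "2.188.21.130",
    "217.218.127.171",
    "5.160.111.145",
})

# Constructed syslog-style firewall and proxy lines; not real traffic.
SAMPLE_LOGS = """\
Jan 07 10:14:02 fw01 kernel: ACCEPT IN=eth0 SRC=10.0.0.12 DST=203.0.113.7 PROTO=TCP DPT=443
Jan 07 10:14:05 fw01 kernel: DROP IN=eth0 SRC=109.125.162.92 DST=203.0.113.7 PROTO=TCP DPT=22
Jan 07 10:15:11 proxy01 squid: 203.0.113.7 TCP_MISS/200 GET http://2.188.21.130/update.bin
Jan 07 10:16:40 fw01 kernel: ACCEPT IN=eth0 SRC=198.51.100.9 DST=217.218.127.171 PROTO=TCP DPT=8080
Jan 07 10:17:02 fw01 kernel: ACCEPT IN=eth0 SRC=192.0.2.44 DST=192.0.2.1 PROTO=UDP DPT=53
"""

# Dotted quad not embedded in a longer digit/dot run (avoids partial matches).
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def extract_ips(line):
    """Return every syntactically valid IPv4 address found in a log line."""
    found = []
    for token in IPV4_RE.findall(line):
        try:
            found.append(str(ipaddress.IPv4Address(token)))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 looks like an address but is not one
    return found


def scan_logs(log_text, iocs=IOC_IPS):
    """Match each line's addresses against the indicator set.

    Returns (hits, counts): hits is a list of (line_no, ip, line) for every
    indicator seen as source or destination; counts tallies hits per indicator
    so analysts can see which indicators are actually active in their data.
    """
    hits, counts = [], Counter()
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        for ip in extract_ips(line):
            if ip in iocs:
                hits.append((line_no, ip, line.strip()))
                counts[ip] += 1
    return hits, counts


if __name__ == "__main__":
    for line_no, ip, line in scan_logs(SAMPLE_LOGS)[0]:
        print(f"ALERT line {line_no}: indicator {ip} -> {line}")
```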