CISA And FBI Issue Guidance To Combat Iranian Cyber Threats


In a joint effort to fortify the security of U.S. democratic institutions, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a crucial fact sheet aimed at safeguarding individuals and organizations associated with national political entities.

The document, titled “How to Protect Against Iranian Targeting of Accounts Associated with National Political Organizations,” outlines the ongoing threats posed by cyber actors affiliated with the Iranian government’s Islamic Revolutionary Guard Corps (IRGC) and provides actionable steps to mitigate their impact.

Escalating Threat from IRGC-Affiliated Cyber Actors

According to the fact sheet, cyber actors tied to the IRGC have been actively using social engineering techniques across email platforms and chat applications to target and compromise both personal and business accounts in the United States. Their primary targets include individuals involved in national political organizations and those working on issues related to Iranian and Middle Eastern affairs.

By exploiting social networks and communication platforms, these actors aim to sow discord, undermine confidence in U.S. democratic institutions, and destabilize trust in key political figures and processes.

Jeff Greene, CISA’s Executive Assistant Director for Cybersecurity, expressed growing concern over the persistent threat: “IRGC cyber actors pose an ongoing and escalating risk. We urge individuals and organizations associated with national political organizations or campaigns to review and implement actions in this joint fact sheet.”

CISA & FBI Key Recommendations for Strengthening Cybersecurity

In response to this threat, CISA and the FBI have provided a range of mitigation strategies designed to protect individuals and organizations against phishing attempts, social engineering, and other forms of cyber intrusion. These recommendations, while relevant to all, are especially critical for those directly associated with high-risk groups such as political organizations and campaigns. The following are some of the top strategies outlined in the fact sheet:

For Individuals

  1. Be Vigilant for Suspicious Contact
    IRGC actors frequently use unsolicited communications as a gateway for cyberattacks. Be cautious of unknown individuals or even familiar contacts who claim to be using a new phone number or email address. Pay close attention to unusual email requests from known contacts, especially if they involve sharing files or clicking on unfamiliar links.
  2. Avoid Accessing Accounts via Links in Emails
    One common phishing tactic is to trick individuals into clicking on malicious links in emails that appear to be from trusted sources. Always access sensitive accounts directly through their official websites rather than through email links.
  3. Watch for Shortened Links
    Emails or messages containing shortened URLs (e.g., tinyurl, bit.ly) should be treated with suspicion, especially if they come from an unknown source or seem out of context.
  4. Use Phishing-Resistant Multifactor Authentication (MFA)
    To add an extra layer of security, individuals are urged to implement phishing-resistant MFA for their email, social media, and collaboration tools. This form of MFA is much more difficult for threat actors to bypass.
  5. Keep Applications and Operating Systems Updated
    Regularly update your devices’ operating systems and applications to reduce the risk of exploitation by cyber actors. Where possible, enable automatic updates to ensure your systems remain secure.
  6. Employ Antivirus and Anti-Malware Protections
    Ensure that your device’s built-in antivirus and anti-malware tools are active and updated to provide ongoing protection against emerging threats.
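
Items 1 and 3 above can be checked mechanically before a message reaches a reader. The following is an added example, not part of the fact sheet or this article: it flags a familiar display name arriving from an address not previously seen for that contact, and links that use a URL shortener. The address book, the domains and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Shortener hosts named in the article; extend this set locally.
SHORTENERS = {"tinyurl.com", "bit.ly"}
# Constructed address book: display name -> addresses already known for that contact.
KNOWN_CONTACTS = {"dana reyes": {"dana.reyes@campaign.example"}}
URL_RE = re.compile(r'https?://[^\s<>"]+', re.IGNORECASE)

def triage(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of warning strings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    # Item 1: a familiar name writing from an address we have never seen for it.
    known = contacts.get(name.strip().lower())
    if known is not None and addr not in known:
        warnings.append(f"known contact '{name}' writing from new address {addr}")
    # Collect every text part (covers plain and multipart messages).
    body = "\n".join(
        (p.get_payload(decode=True) or b"").decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    # Item 3: a shortened link hides where the click actually lands.
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")
        host = (urlsplit(url).hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENERS:
            warnings.append(f"shortened link hides destination: {url}")
    return warnings

# Constructed sample message.
SAMPLE = """\
From: Dana Reyes <dana.reyes.office@mailbox.example>
To: staff@campaign.example
Subject: new address, please review

Hi, I am using a new email for now. The draft is here:
https://bit.ly/EXAMPLE1
Our site is still https://www.campaign.example/press
"""

if __name__ == "__main__":
    for warning in triage(SAMPLE):
        print("WARN:", warning)
```

A warning here is a prompt to verify the sender through a separate channel, not proof of compromise.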

For Organizations

For organizations, particularly those involved in political campaigns or national political matters, the stakes are even higher. The fact sheet outlines several essential steps to protect their infrastructure and workforce from cyberattacks:

  1. Implement Phishing-Resistant MFA for Employees
    Phishing-resistant MFA, such as physical security keys or passkeys, should be a standard for all employees. This method offers the highest level of protection against account takeover attempts.
  2. Provide Enterprise Password Managers
    Password managers can automatically generate strong, unique passwords for different accounts, making it much harder for attackers to gain access to multiple systems through password reuse. They also offer a useful way to detect phishing attacks by only filling in credentials on legitimate websites.
  3. Enable Anti-Phishing and Anti-Spoofing Features
    Many email service providers offer built-in features to block malicious emails and prevent email spoofing. These should be enabled to reduce the likelihood of employees falling victim to phishing schemes.
  4. Staff Training on Account Usage
    Employees should be trained to use only official business accounts for work-related communications. These accounts typically have stronger security measures than personal accounts, which are often more vulnerable to attack.
  5. Verification of Unusual Requests
    Organizations should encourage employees to verify suspicious or unusual email requests via a separate, secure communication method. For instance, if an employee receives a questionable email, they should confirm its legitimacy through a phone call or direct message on a different platform.
  6. Routine Software Updates and MFA for Personal Devices
    Organizations should strongly encourage employees to keep their personal devices updated and protected by MFA, particularly if these devices are used for any work-related tasks.
  7. Email Banner Alerts
    Adding a banner to emails received from outside the organization can serve as a helpful reminder for employees to exercise caution when interacting with unfamiliar contacts.
  8. Enable Alerts for Suspicious Activity
    Organizations should configure their systems to detect and alert on suspicious behavior, such as login attempts from foreign IP addresses or unusual account activity. These alerts can provide early warnings of potential security breaches.
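
The alerting described in item 8 can start as two simple rules over sign-in logs. The following is an added example, not part of the fact sheet or this article: it alerts on a first successful sign-in from a country outside an expected set, and on a success that follows a burst of failures. The log field names, the thresholds and the sample events are assumptions, and "ZZ" is a placeholder country code.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sign-in events (JSON lines); map the assumed field names to
# whatever your identity provider exports.
SAMPLE_LOG = """\
{"ts":"2024-09-30T13:02:11Z","user":"avery","ip":"198.51.100.7","country":"US","ok":true}
{"ts":"2024-10-01T08:15:40Z","user":"avery","ip":"203.0.113.50","country":"ZZ","ok":false}
{"ts":"2024-10-01T08:15:52Z","user":"avery","ip":"203.0.113.50","country":"ZZ","ok":false}
{"ts":"2024-10-01T08:16:03Z","user":"avery","ip":"203.0.113.50","country":"ZZ","ok":false}
{"ts":"2024-10-01T08:16:20Z","user":"avery","ip":"203.0.113.50","country":"ZZ","ok":true}
{"ts":"2024-10-01T09:00:00Z","user":"blake","ip":"198.51.100.9","country":"US","ok":true}
"""

def detect(lines, home_countries=frozenset({"US"}), max_failures=3,
           window=timedelta(minutes=10)):
    """Return (user, timestamp, reason) alerts for suspicious successful sign-ins."""
    seen = defaultdict(set)        # user -> countries with a prior successful sign-in
    failures = defaultdict(deque)  # user -> timestamps of recent failed sign-ins
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        user, recent = ev["user"], failures[ev["user"]]
        while recent and ts - recent[0] > window:   # expire old failures
            recent.popleft()
        if not ev["ok"]:
            recent.append(ts)
            continue
        # Rule 1: success from a country that is neither expected nor seen before.
        if ev["country"] not in home_countries and ev["country"] not in seen[user]:
            alerts.append((user, ev["ts"],
                           f"first successful sign-in from {ev['country']} ({ev['ip']})"))
        # Rule 2: success right after repeated failures (possible guessed or phished password).
        if len(recent) >= max_failures:
            alerts.append((user, ev["ts"], f"success after {len(recent)} recent failures"))
        seen[user].add(ev["country"])
        recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Staff travel will trigger the first rule, so tune `home_countries` per user or pair the alert with the out-of-band verification step in item 5.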

Conclusion: A Call for Vigilance and Action

With the 2024 U.S. elections just around the corner, the risks posed by cyber actors targeting political organizations are more pressing than ever. As the country gears up for another pivotal electoral cycle, the threats from Iranian-affiliated groups like the IRGC highlight the importance of heightened cybersecurity measures. These malicious actors are not only looking to disrupt, but to shake public trust in the very democratic processes that form the backbone of the nation.

As we approach a critical election year, ensuring the security of digital infrastructure is not just about safeguarding individual accounts — it’s about protecting the integrity of democracy itself. By following guidance provided by CISA and the FBI, political organizations and individuals can help fortify the election process against those who seek to undermine it. The vigilance we maintain now could make all the difference in preserving the trust and transparency that are vital to the democratic system.


