CyberAv3ngers
Actor Type | Nation State |
---|---|
Attributed to Nation | Iran |
Associated Threat Actor | Islamic Revolutionary Guard Corps (IRGC) |
The CyberAv3ngers (Cyber Av3ngers) are an Iranian intrusion set affiliated with the Islamic Revolutionary Guard Corps (IRGC). They are known for targeting critical infrastructure, particularly in the U.S., and have a history of cyber attacks (or claims of cyber attacks) dating back to 2020.
In 2023, the group exploited Israeli-manufactured Programmable Logic Controllers (PLCs) used in water and wastewater treatment plants. The group gained control of these systems by exploiting default passwords and well-documented ports that were publicly accessible. After gaining access, they defaced user interfaces, leaving messages indicating their intrusion.
CyberAv3ngers Threat Reports
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
This advisory from CISA and partners describes activity by IRGC-affiliated cyber actors "CyberAv3ngers". According to the advisory, the ...
References
www.hivepro.com
https://www.hivepro.com/threat-advisory/iranian-apt-group-cyberav3ngers-target-us-critical-infrastructure/
www.cisa.gov
https://www.cisa.gov/sites/default/files/2023-12/aa23-335a-irgc-affiliated-cyber-actors-exploit-plcs-in-multiple-sectors-1.pdf
therecord.media
https://therecord.media/water-outage-in-ireland-county-mayo
www.cisa.gov
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
www.sentinelone.com
https://www.sentinelone.com/blog/iran-backed-cyber-av3ngers-escalates-campaigns-against-u-s-critical-infrastructure/
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1110 | Brute Force | Credential Access |