AA24-241A : Joint Cybersecurity Advisory on Iranian Cyber...

AA24-241A : Joint Cybersecurity Advisory on Iranian Cyber Actors Targeting US Organizations

On August 28, the Cybersecurity and Infrastructure Security Agency (CISA) published a joint Cybersecurity advisory (CSA) in coordination with The Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3). The advisory highlights the recent ransomware activities of Iranian threat actors that go by a few monikers including Pioneer Kitten, Fox Kitten, UNC757, Parasite, RUBIDIUM and Lemon Sandstorm against US organizations spanning several industries.

The threat actor has been observed leveraging several vulnerabilities, both old and new for initial access to target environments including CVE-2024-3400, CVE-2024-24919, CVE-2019-19781, CVE-2023-3519, CVE-2022-1388 and CVE-2024-21887 in their campaigns. This includes flaws in technologies such as F5 BIG-IP, Palo Alto PAN-OS, Check Point Security Gateway, Ivanti Connect Secure, Ivanti Policy Secure, Citrix Application Delivery Controller (ADC) and Citrix Gateway.

For more information, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

AA24-241A : Joint Cybersecurity Advisory on Iranian Cyber...

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia