This is a rare case in which the US government has publicly tied Iran to ransomware, a tool more commonly associated with cybercriminals than with governments. It is also a reminder that America’s ransomware problem is not limited to Russia.

Iranian hackers are exploiting known flaws in software made by Microsoft and the California-based vendor Fortinet to gain access to systems and, in some cases, lock them down with ransomware, according to a joint advisory from the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre and the UK National Cyber Security Centre.

“These Iranian government-sponsored actors (…) can take advantage of this access for follow-up operations, such as exfiltration or data encryption, ransomware and extortion,” the advisory says.

The Health Information Sharing and Analysis Center, a cyberthreat-sharing group for large U.S. healthcare providers, said it would quickly share the U.S. government’s advisory with its members.

“We take this very seriously,” Errol Weiss, the group’s chief security officer, told CNN. “I would have loved to have had the chance to work on this with the government before it was released.”

It is not known which organizations in the US healthcare and transportation sectors were targeted by the hackers; federal officials generally do not publicly name hacking victims. The hackers appear to be opportunistically exploiting software vulnerabilities wherever they find them, rather than singling out specific industries, officials said.

Healthcare organizations have been strapped for resources, including cybersecurity services, throughout the coronavirus pandemic. Yet ransomware attacks against them, often by criminal groups based in Eastern Europe and Russia, have only increased, according to tallies kept by private-sector experts.

The Iranian government’s alleged use of ransomware has received less public attention. In recent months, however, private-sector researchers have detailed the alleged use of ransomware by hackers linked to Iran, warning that hacks of companies in Israel and elsewhere are intended to disrupt business operations and intimidate victim organizations rather than to collect actual ransom payments.

In the past 14 months, at least six Iranian hacking groups have used ransomware to “achieve their strategic goals,” Microsoft researchers said Tuesday. “These ransomware deployments were launched in waves every six to eight weeks on average.”

According to SentinelOne, another cybersecurity firm, a suspected Iranian group has posed as ransomware operators while carrying out disruptive hacks of Israeli organizations this year.

“[R]ansomware activity provides deniability, allowing states to send a message without being directly blamed,” SentinelOne concluded.

This is the second US advisory on Iranian hacking activity in as many weeks. On November 8, the FBI privately warned U.S. companies, in a memo obtained by CNN, that Iranian agents were searching cybercrime forums for sensitive data stolen from U.S. organizations that could be useful in future hacking campaigns.