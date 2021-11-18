



US and UK authorities say Iran is carrying out an “on-going” campaign of ransomware and other cyberattacks against critical US infrastructure and Australian organizations that began in March.

The FBI and the Cybersecurity and Infrastructure Security Agency, along with the UK and Australian Cybersecurity Centers, said in a joint statement that the Iranian government-backed hackers were “a wide range of victims in several critical U.S. infrastructure sectors, including transportation.” were actively targeted.” sector and the medical and public health sector”.

Hackers are exploiting software bugs in security group Fortinet and flaws in Microsoft’s email software first discovered by Chinese hackers to distribute ransomware, steal data or extort victims, the agency said.

According to the joint statement, Iranian activities included successful incursions in the US city government and US children’s medical specialty hospitals in May and June respectively.

The use of ransomware in Iran, where hackers agree to lock down an organization’s computer systems or data and only release it when a ransom is paid, is a notable change. Much of the ransomware activity that has spread to date has been attributed to Russian criminal groups, which recently sparked a crackdown by the administration of President Joe Biden.

In a separate blog post on Tuesday, Microsoft said that Iranian state actors “are increasingly using ransomware to raise funds or sabotage targets” and they “act more patiently and patiently while engaging targets” did,” he said.

The company said it has identified six Iranian threat groups that distribute ransomware on average every six to eight weeks since September last year.

The group typically uses social engineering to trick victims into clicking malicious links, use fake Google Meet video conference invitations and “continue bullying” victims into clicking, Microsoft added. Another group will build trust with their target before sending malicious files masquerading as attractive women on social media, the company said.

The report comes as the United States seeks to re-enter a 2015 multilateral agreement that limited Iran’s nuclear program in exchange for sanctions relief. Iran has accelerated its nuclear program since Donald Trump withdrew the United States from the 2018 pact, and UN watchdogs say it could have enough nuclear material to make a bomb within months.

US Special Envoy to Iran, Rob Marley, who is leading the US delegation, will visit the Middle East this week to discuss access to Iran with US regional allies, including the UAE, Israel, Saudi Arabia and Bahrain. The seventh round of indirect talks with the US is due to take place in Vienna later this month, the first since a hardline government was elected in Iran.

“Iran is rapidly increasing its influence through nuclear power, and it is making money in the cyber realm and strengthening its muscles in the region ahead of the resumption of nuclear negotiations to elicit more concessions from the United States,” Iran’s Director General Ali Vaez said. said International Crisis Group. “This is a multidimensional game on the brink.”

“We have a variety of concerns about Iran, including cyberattacks,” a State Department spokesperson said. We believe that the best way to solve our nuclear problem is through diplomacy and a speedy mutual return to full compliance. [Joint Comprehensive Plan of Action]. As you can see from today’s action, there are other tools that can handle different issues.”

Sources 1/ https://Google.com/ 2/ https://www.ft.com/content/22b323e0-b781-4eba-9d0b-dc62a0aad235

