US and UK agencies say Iran is behind ‘ongoing’ ransomware campaign
US and UK authorities say Iran is waging an “ongoing” campaign of ransomware and other cyberattacks on US critical infrastructure and Australian institutions beginning in March.
In a joint statement, the FBI, the Cybersecurity and Infrastructure Agency and UK and Australian cybersecurity centers say that Iranian government-funded hackers have “actively targeted a wide range of victims across many areas of critical U.S. infrastructure, including the transportation and healthcare sectors, and the public health sector.”
Hackers exploited a bug in security group Fortinet’s software and a flaw in Microsoft’s email software first discovered by Chinese hackers to deploy ransomware, steal data or blackmail victims, the agencies said.
According to the joint statement, Iran’s activities include successfully infiltrating US city governments and US hospitals specializing in children’s health in May and June.
The use of ransomware by Iran – in which hackers lock down an organization’s computer systems or data, agreeing to release them only if a ransom is paid – marks a notable change. Much of the increase in ransomware activity to date has been blamed on Russian criminal groups, prompting a recent crackdown by the administration of US President Joe Biden.
Microsoft said in a separate blog post on Tuesday that Iran’s nation-state organizations have “increasingly used ransomware to collect money or disrupt their goals” and that they have become “more patient and persistent in carrying out their goals.”
Microsoft says it has identified six Iranian threat groups that deployed ransomware in waves every six to eight weeks on average as of September 2020.
These groups often use social engineering to trick victims into clicking malicious links, Microsoft added, with one group using fake Google Meet video conference invitations and “constantly harassing” victims to click on them. Another group will pose as attractive women on social media to build trust with the target, before sending them malicious files, the company said.
The report comes as the United States seeks to rejoin the 2015 multilateral treaty that restricted Iran’s nuclear program in exchange for sanctions relief. Since Donald Trump pulled the US out of the pact in 2018, Tehran has accelerated its nuclear program and a United Nations watchdog says it may have enough nuclear material for a bomb within a few months.
Rob Malley, the US special envoy for Iran who leads the US delegation, is in the Middle East this week to discuss the Iran approach with US regional allies, including the UAE, Israel, Saudi Arabia and Bahrain. The seventh round of indirect negotiations with the United States will take place in Vienna later this month, for the first time since a hardline government was elected in Iran.
“It’s a multi-dimensional game of ingenuity,” said Mr. Ali Vaez, Iran Director at the International Crisis Group.