US warns that Iranian government-sponsored hackers are targeting critical US infrastructure

It’s a rare case of the US government publicly linking Iran to ransomware, which is more commonly used by cybercriminals than by governments. And it’s a reminder that America’s ransomware problem isn’t limited to Russia.

Iranian hackers are exploiting known vulnerabilities in software made by Microsoft and California-based supplier Fortinet to access systems and sometimes lock them down with ransomware, according to an advisory from the FBI, the US Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre and the UK’s National Cyber Security Centre.

“These Iranian government-funded actors … could leverage this access for further activities, such as data intrusion or encryption, ransomware and extortion,” the advisory says.

The Health Information Sharing and Analysis Center, a group that shares cyber threat information for major US healthcare providers, says it will soon share the US government advisory with its members.

“We’re taking this matter very seriously,” Errol Weiss, the group’s chief security officer, told CNN. “I would love to have the opportunity to work with the government on this before it comes out.”

It is not clear which US transportation and healthcare sectors were targeted by the hackers; federal officials often don’t release the names of hack victims. Officials say the hackers appear to be focusing on exploiting software flaws rather than choosing specific areas to target.

Healthcare organizations have had limited resources, including cybersecurity services, throughout the coronavirus pandemic. But ransomware attacks on these organizations, often from criminal groups based in Eastern Europe and Russia, have only been on the rise, according to private-sector experts.

The Iranian government’s alleged use of ransomware, however, has received less public attention. But private-sector researchers have in recent months detailed Iran-linked hackers accused of using ransomware, warning that the attacks on companies in Israel and elsewhere aim to disrupt business and intimidate victim organizations rather than collect actual ransom payments.

Over the past 14 months, at least six Iranian hacking groups have used ransomware to “achieve their strategic goals,” Microsoft researchers said Tuesday. “This ransomware deployment is launched in batches averaging once every six to eight weeks.”

According to SentinelOne, another cybersecurity firm, an Iranian group is suspected of posing as ransomware operators while carrying out attacks to sabotage Israeli organizations this year.

“[R]ansomware operations provide opt-out capabilities, allowing countries to send messages without direct accountability,” SentinelOne concluded.

This is the second US advisory on Iranian hacking in as many weeks. On November 8, the FBI separately warned US companies, in a memo obtained by CNN, that Iranian agents had searched cybercrime forums for sensitive data stolen from American organizations that could be useful in future hacking campaigns.

