US warns that Iranian government-sponsored hackers are targeting critical US infrastructure
Iranian hackers are exploiting known vulnerabilities in software made by Microsoft and California-based supplier Fortinet to access systems and sometimes lock them down with ransomware, according to an advisory from the FBI, the US Cybersecurity and Infrastructure Security Agency, the Australian Cyber Security Centre and the UK’s National Cyber Security Centre.
“These Iranian government-funded actors … could leverage this access for further activities, such as data intrusion or encryption, ransomware and extortion,” the advisory says.
The Health Information Sharing and Analysis Center, a group that shares cyber threat information among major US healthcare providers, says it will soon share the US government advisory with its members.
“We’re taking this matter very seriously,” Errol Weiss, the group’s chief security officer, told CNN. “I would love to have the opportunity to work with the government on this before it comes out.”
It is not clear which organizations in the US transportation and healthcare sectors were targeted by the hackers; federal officials often don’t release the names of hack victims. Officials say the hackers appear to be focusing on exploiting software flaws rather than choosing specific areas to target.
Healthcare organizations have had limited resources, including cybersecurity services, throughout the coronavirus pandemic. But ransomware attacks on these organizations, often from criminal groups based in Eastern Europe and Russia, are only on the rise, according to private-sector experts.
However, the Iranian government’s alleged use of ransomware has received less public attention. But private-sector researchers have in recent months detailed Iran-linked hackers accused of using ransomware, warning that the attacks on companies in Israel and elsewhere are meant to disrupt business and intimidate victim organizations rather than to recover actual ransom payments.
According to SentinelOne, a cybersecurity firm, a group of Iranians is suspected of posing as ransomware operators while carrying out attacks that sabotaged Israeli organizations this year.