Federal agencies in the United States, the United Kingdom and Australia have claimed hackers linked to the Iranian government are behind an ongoing campaign targeting critical infrastructure, including hospitals in the US. Iran stresses the country is itself a victim of cyberattacks by the US and Israel.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC) and the Australian Cyber Security Centre (ACSC) outlined the malicious activity in a joint advisory.
The agencies noted that the hackers had targeted “a broad range of victims across multiple US critical infrastructure sectors” since at least March of this year, often by exploiting vulnerabilities in devices from cybersecurity group Fortinet and the Microsoft Exchange ProxyShell vulnerability to launch ransomware attacks.
The Iranian-linked advanced persistent threat group (APT) was specifically found to be targeting the US health and transportation sectors, including a hospital specializing in children’s care in July, and to have gone after a domain for a US municipal government in May.
The ACSC has also seen the hackers target victims in Australia.
“FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors,” the advisory reads.
“These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion,” it added.
The advisory was released the day after Microsoft’s Threat Intelligence Center shared new findings on Iranian hacking activity. Researchers noted that Iranian hackers were “increasingly utilizing ransomware to either collect funds or disrupt their targets”, including through the same targeting of Fortinet vulnerabilities and Microsoft Exchange Servers vulnerable to ProxyShell that the advisory addressed.
CISA in August issued an alert urging organizations to immediately patch ProxyShell vulnerabilities.
Iran has long been viewed as one of the most high-profile and prolific nation states posing a threat to the US in cyberspace.
Reports claim that in recent months Iranian government-linked hackers have gone after medical researchers in the US and Israel, and in October Microsoft released findings indicating that Iran was behind the targeting of US and Israeli defense companies.
In late October, the head of the Passive Defense Organization of Iran stated that the United States and the Israeli regime were behind the recent cyberattack on Iran’s gas stations.
“We analyzed two incidents; one of them was the attack on Shahid Rajaee port, and the other the attack on the railways,” said Brigadier General Gholamreza Jalali in a televised interview.
“The two were similar [to the cyberattack on gas stations] in terms of the model of the attack,” he added.
“We believe the masterminds of those cyberattacks are definitely our enemies, i.e., the Americans and the Zionist regime [of Israel],” the top general noted.
However, he added, “We are reviewing technical information and cannot express our final viewpoint now.”
“When somebody wants to attack you at the middleware or hardware level, they should be able to infiltrate into, and have access to the information in the embedded system,” he explained.