
Iran-Backed Cybergroup Accused Of Targeting Critical U.S. Sectors

By RFE/RL November 18, 2021

U.S., British, and Australian authorities say a hacker group "associated" with the Iranian government is behind cyberattacks on targets in the United States and Australia, including in the health-care and transportation sectors.

"The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the transportation sector and the health-care and public-health sector, as well as Australian organizations," according a joint advisory issued on November 17.

Advanced persistent threat (APT) is a designation often given to state-backed hackers.

Since at least March 2021, the group has exploited vulnerabilities in Microsoft Exchange and Fortinet software to break into computer networks, including those of a U.S. municipal government and a children's hospital in the United States, the advisory said.

The group leveraged the initial hack for additional operations such as data theft, ransomware, and extortion.

The advisory did not identify any specific targets for the hackers, or say how successful they have been.

Microsoft said in a blog post that it had observed "six Iranian threat groups" deploying ransomware since September 2020 "in waves every six to eight weeks on average."

"As Iranian operators have adapted both their strategic goals and tradecraft, over time they have evolved into more competent threat actors capable of conducting a full spectrum of operations," it said.

Iranian officials did not immediately comment on the accusations.

In July, Facebook said it had disrupted a group of hackers in Iran behind "espionage operations" targeting mostly U.S. military personnel and companies in the defense and aerospace industries.

Source: https://www.rferl.org/a/iran-cyberattaks-us-critical/31567511.html

Copyright (c) 2021. RFE/RL, Inc. Reprinted with the permission of Radio Free Europe/Radio Liberty, 1201 Connecticut Ave., N.W. Washington DC 20036.
