US and UK authorities have said Iran is conducting an “ongoing” campaign of ransomware and other cyber attacks on US critical infrastructure and Australian organizations that began in March.
In a joint statement, the FBI and the Cybersecurity and Infrastructure Security Agency together with the UK and Australian cyber security centres said that Iranian government-sponsored hackers had been “actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the transportation sector and the healthcare and public health sector”.
The hackers have been exploiting a bug in software from the security group Fortinet and a flaw in Microsoft email software that was first discovered by Chinese hackers to deploy ransomware, steal data, or extort victims, the agencies said.
The Iranian activity included successfully breaching a US municipal government and US hospital specializing in healthcare for children in May and June respectively, according to the joint statement.
The use of ransomware by Iran — in which hackers lock up an organization’s computer systems or data, agreeing to release it only if a ransom is paid — marks a notable shift. Much of the proliferation of ransomware activity to date has been blamed on Russian criminal groups, prompting a recent crackdown by US president Joe Biden’s administration.
Microsoft said in a separate blog post on Tuesday that Iranian nation-state actors were “increasingly utilising ransomware to either collect funds or disrupt their targets” and that they had become “more patient and persistent while engaging with their targets”.
Microsoft said it had identified six Iranian threat groups deploying