Authorities in the US and UK have said Iran is waging an “ongoing” campaign of ransomware and other cyber attacks against US critical infrastructure and Australian organizations that began in March.
In a joint statement, the FBI and the Cybersecurity and Infrastructure Security Agency, as well as the cybersecurity centers of the United Kingdom and Australia, said the Iranian government-sponsored hackers had “actively targeted a wide range of victims in several critical US infrastructure sectors, including the transportation sector and the health and public health sector”.
Hackers exploited a bug in security group Fortinet’s software and a flaw in Microsoft email software that was first discovered by Chinese hackers to deploy ransomware, steal data or extort victims, said the agencies.
Iran’s activity included successfully breaching a US municipal government and a US hospital specializing in child health care in May and June respectively, according to the joint statement.
Iran’s use of ransomware – in which hackers lock down an organization’s computer systems or data, agreeing to release it only if a ransom is paid – marks a notable change. Much of the proliferation of ransomware activity to date has been blamed on Russian criminal groups, prompting a recent crackdown by the administration of US President Joe Biden.
Microsoft said in another blog post Tuesday that Iranian nation-state actors are “increasingly using ransomware to raise funds or disrupt their targets” and have become “more patient and persistent while engaging with their targets”.
Microsoft said it has identified six Iranian threat groups deploying ransomware in waves every six to eight weeks on average since September 2020.
Groups have typically used social engineering to trick victims into clicking malicious links, Microsoft added, one of them using fake Google Meet video conference invitations and “continually harassing” victims to get them to click on it. Another group would pose as attractive women on social media to build trust with a target, before sending them malicious files, the company said.
The report comes as the United States seeks to re-enter a 2015 multilateral pact that limited Iran’s nuclear program in return for sanctions relief. Since Trump withdrew the United States from the pact in 2018, Tehran has stepped up its nuclear program and a UN watchdog has said it may have enough nuclear material for a bomb within months.
Rob Malley, the U.S. special envoy to Iran who heads the U.S. delegation, is in the Middle East this week to discuss Iran’s approaches with U.S. regional allies including the United Arab Emirates, Israel, Saudi Arabia and Bahrain. A seventh round of indirect talks with the United States is due to take place in Vienna later this month, the first since an outright government was elected in Iran.
“Iran is rapidly increasing its influence thanks to nuclear advances, increasing its cyber focus and flexing its muscles in the region before nuclear talks resume to get more concessions from the United States,” said Ali Vaez, Iran director at the International Crisis Group. “This is a multidimensional game of strategy from the brink.”