US says Iran government behind ransomware attacks

WASHINGTON: Iran’s government is backing a hacker group responsible for recent ransomware attacks on targets in the United States and Australia, the US cybersecurity agency said Wednesday.
“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector,” the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert.
It said that experts in the FBI, the Australian Cyber Security Centre, and Britain’s National Cyber Security Centre had jointly reached the conclusion on Tehran’s support for the “APT” group, or “advanced persistent threat,” a designation often given to state-backed hackers.
Since at least March 2021, the group has exploited vulnerabilities in Microsoft Exchange and Fortinet software to hack into systems, including those of a city government and a children’s hospital, CISA said.
“These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion,” it said.
CISA did not identify any specific targets for the group in the United States or Australia, or say how succesful they have been.
The US Department of Homeland Security estimates that ransomware attackers extorted at leat $350 million from victims last year.

Source from

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button