trending:

sponsored:

Just In

More News Load more
Cybersecurity

Officials warn that hackers linked to Iranian government are targeting critical sectors

by Maggie Miller - 11/17/21 1:36 PM ET
by Maggie Miller - 11/17/21 1:36 PM ET
Getty Images
The Iranian flag is seen in this June 10, 2021, file photo.

Federal agencies in the United States, United Kingdom and Australia on Wednesday warned that hackers linked to the Iranian government are behind an ongoing campaign targeting critical infrastructure, including hospitals. 

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the U.K.’s National Cyber Security Centre (NCSC) and the Australian Cyber Security Centre (ACSC) outlined the malicious activity in a joint advisory. 

The agencies noted that the hackers had targeted “a broad range of victims across multiple U.S. critical infrastructure sectors” since at least March of this year, often through exploiting vulnerabilities in devices from cybersecurity group Fortinet and Microsoft Exchange ProxyShell to launch ransomware attacks.

The Iranian-linked advanced persistent threat group (APT) was specifically found to be targeting the U.S. health and transportation sectors, including a hospital specializing in children’s care in July, and to have gone after a domain for a U.S. municipal government in May.

The ACSC has also seen the hackers target victims in Australia. 

“FBI, CISA, ACSC, and NCSC assess the actors are focused on exploiting known vulnerabilities rather than targeting specific sectors,” the advisory reads. “These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion.”

The advisory was released the day after Microsoft’s Threat Intelligence Center shared new findings on Iranian hacking activity. Researchers noted that Iranian hackers were “increasingly utilizing ransomware to either collect funds or disrupt their targets,” including through the same targeting of Fortinet vulnerabilities and Microsoft Exchange Servers vulnerable to ProxyShell that the advisory addressed.

CISA in August issued an alert urging organizations to immediately patch ProxyShell vulnerabilities. 

Iran has long been viewed as one of the most high-profile and prolific nation states posing a threat to the U.S. in cyberspace. 

In recent months, Iranian government-linked hackers have gone after medical researchers in the U.S. and Israel, and in October Microsoft released findings indicating that Iran was behind the targeting of U.S. and Israeli defense companies.

Tags Australia CISA Cyberattack FBI Iran Ransomware United Kingdom

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts

More Cybersecurity News

See All

See All

Video/Hill.TV

See all Hill.TV

See all Video

See all Hill.TV See all Video

Top Stories

See All

See All
Sidebar Top

Most Popular

  1. Tennessee Republican files articles of impeachment against Harris
  2. Is your $2 bill worth thousands? How to tell
  3. Harris vs. Trump: What the polls tell us
Load more
Sidebar Middle

People – Custom HTML – Sidebar Bottom – Any Person

SIDEBAR BOTTOM
Read next >
Read next >
Next
Read next >
Next story in
Read next >
Next story in