Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security United States

US Says Iran-backed Hackers Are Now Targeting Organizations With Ransomware (techcrunch.com) 18

Posted by msmash from the security-woes dept.
The U.S. government, along with counterparts in Australia and the U.K, have warned that Iranian state-backed hackers are targeting U.S. organizations in critical infrastructure sectors -- in some cases with ransomware. From a report: The rare warning linking Iran with ransomware landed in a joint advisory Wednesday, issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the U.K's National Cyber Security Centre (NCSC). The advisory said that Iran-backed attackers have been exploiting Fortinet vulnerabilities since at least March and a Microsoft Exchange ProxyShell vulnerability since October to gain access to U.S. critical infrastructure organizations in the transport and public health sectors, as well as organizations in Australia. The aim of the hackers is ultimately to leverage this access for follow-on operations such as data exfiltration, extortion and ransomware deployment. In May this year, for example, the hackers abused Fortigate gear to access a web server hosting the domain for a U.S. municipal government. The following month, CISA and the FBI observed the hackers exploiting Fortinet vulnerabilities to access the networks of a U.S.-based hospital specializing in healthcare for children. The joint advisory has been released alongside a separate report from Microsoft on the evolution of Iranian APTs, which are "increasingly utilizing ransomware to either collect funds or disrupt their targets." In the report, Microsoft said it has been tracking six Iranian threat groups that have been deploying ransomware and exfiltrating data in attacks that started in September 2020.
This discussion has been archived. No new comments can be posted.

US Says Iran-backed Hackers Are Now Targeting Organizations With Ransomware More

US Says Iran-backed Hackers Are Now Targeting Organizations With Ransomware

Comments Filter:
  • "Microsoft said it has been tracking six Iranian threat groups" - Embrace them, Extend them, then Extinguish them. Take 'em out, take 'em down, do your stuff. https://www.youtube.com/watch?... [youtube.com]

  • You idiots keep paying (Score:3)

    by TheNameOfNick ( 7286618 ) on Wednesday November 17, 2021 @02:57PM (#61996721)

    So people and businesses keep getting ransomed.

  • Stop making excuses and bolster IT security (Score:3)

    by bubblyceiling ( 7940768 ) on Wednesday November 17, 2021 @03:23PM (#61996799)
    Instead of going around pointing fingers, learn to take some responsibility and fix the gaping security holes.

  • They are using Bitcoin for payments?

    I'm shocked! Surely you must be joking!

  • When you've cyber-attacked a country multiple times, you're bound to have some sort of retaliation. I'm highly skeptical they're targeting children hospitals but you have to bring the children into this to make us sympathize with the US.
  • There, headline corrected for accuracy.

  • Now who is the real bad guy in my black-and-white world?
    Or should I look at my own country?

  • Gotta keep those tax dollars rolling into the Security Industrial Complex, just another division of the Military Industrial Complex, which also happens to own most media outlets.

    I'd be happy if the NSA concentrated on making secure computing standards, instead of backdoored computing standards to allow surveillance, that are inevitably found and used by hackers.

    It's time we went back to non-routable protocols where suitable.

Slashdot Top Deals

Work is the crab grass in the lawn of life. -- Schulz

Close