Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security United States

US Says Iran-backed Hackers Are Now Targeting Organizations With Ransomware (techcrunch.com) 18

The U.S. government, along with counterparts in Australia and the U.K, have warned that Iranian state-backed hackers are targeting U.S. organizations in critical infrastructure sectors -- in some cases with ransomware. From a report: The rare warning linking Iran with ransomware landed in a joint advisory Wednesday, issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), and the U.K's National Cyber Security Centre (NCSC). The advisory said that Iran-backed attackers have been exploiting Fortinet vulnerabilities since at least March and a Microsoft Exchange ProxyShell vulnerability since October to gain access to U.S. critical infrastructure organizations in the transport and public health sectors, as well as organizations in Australia. The aim of the hackers is ultimately to leverage this access for follow-on operations such as data exfiltration, extortion and ransomware deployment. In May this year, for example, the hackers abused Fortigate gear to access a web server hosting the domain for a U.S. municipal government. The following month, CISA and the FBI observed the hackers exploiting Fortinet vulnerabilities to access the networks of a U.S.-based hospital specializing in healthcare for children. The joint advisory has been released alongside a separate report from Microsoft on the evolution of Iranian APTs, which are "increasingly utilizing ransomware to either collect funds or disrupt their targets." In the report, Microsoft said it has been tracking six Iranian threat groups that have been deploying ransomware and exfiltrating data in attacks that started in September 2020.
This discussion has been archived. No new comments can be posted.

US Says Iran-backed Hackers Are Now Targeting Organizations With Ransomware

Comments Filter:
  • "Microsoft said it has been tracking six Iranian threat groups" - Embrace them, Extend them, then Extinguish them. Take 'em out, take 'em down, do your stuff. https://www.youtube.com/watch?... [youtube.com]
  • by TheNameOfNick ( 7286618 ) on Wednesday November 17, 2021 @01:57PM (#61996721)

    So people and businesses keep getting ransomed.

  • by bubblyceiling ( 7940768 ) on Wednesday November 17, 2021 @02:23PM (#61996799)
    Instead of going around pointing fingers, learn to take some responsibility and fix the gaping security holes.
  • They are using Bitcoin for payments?

    I'm shocked! Surely you must be joking!

  • When you've cyber-attacked a country multiple times, you're bound to have some sort of retaliation. I'm highly skeptical they're targeting children hospitals but you have to bring the children into this to make us sympathize with the US.
  • There, headline corrected for accuracy.
  • Now who is the real bad guy in my black-and-white world?
    Or should I look at my own country?

  • Gotta keep those tax dollars rolling into the Security Industrial Complex, just another division of the Military Industrial Complex, which also happens to own most media outlets.

    I'd be happy if the NSA concentrated on making secure computing standards, instead of backdoored computing standards to allow surveillance, that are inevitably found and used by hackers.

    It's time we went back to non-routable protocols where suitable.

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...