Federal agencies in the United States, Britain and Australia warned on Wednesday that hackers linked to the Iranian government are behind an ongoing campaign targeting critical infrastructure, including hospitals.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cyber Security Center (NCSC) and the Australian Cyber Security Center (ACSC) detailed the malicious activity in a joint advisory.
Authorities found that since at least March this year, the hackers had targeted “a wide range of victims in several critical US infrastructure sectors,” often exploiting vulnerabilities in devices from cybersecurity group Fortinet and the Microsoft Exchange ProxyShell vulnerability to carry out ransomware attacks.
The Iran-affiliated advanced persistent threat (APT) group was found to have specifically targeted the U.S. health and transportation sectors, including a hospital specializing in childcare in July, and to have gone after a domain for a U.S. city government in May.
The ACSC also saw the hackers attack victims in Australia.
“FBI, CISA, ACSC and NCSC judge that actors are focusing on exploiting known vulnerabilities rather than targeting specific sectors,” the advisory reads. “These APT actors, sponsored by the Iranian government, can use this access for follow-up operations such as data exfiltration or encryption, ransomware and blackmail.”
The advisory was released the day after Microsoft’s Threat Intelligence Center published new findings about Iranian hacking activities. The researchers found that Iranian hackers “are increasingly using ransomware to either raise funds or disrupt their goals,” including by targeting Fortinet vulnerabilities and Microsoft Exchange servers vulnerable to ProxyShell, as addressed in the advisory.
CISA issued an alert in August urging companies to fix ProxyShell vulnerabilities immediately.
Iran has long been considered one of the most prominent and prolific nation-states posing a threat to the US in cyberspace.
In the past few months, hackers affiliated with the Iranian government have reportedly gone after medical researchers in the US and Israel, and in October Microsoft released findings suggesting that Iran is behind the attacks on US and Israeli defense companies.