A hacking group allegedly sponsored by Iran's government is launching disruptive cyberattacks against a wide range of US companies, including healthcare providers and transportation firms, according to a cybersecurity alert published by the US Homeland Security Department (DHS) on Wednesday.
The warning, jointly authored by the FBI and DHS' Cybersecurity and Infrastructure Security Agency, said the hackers were exploiting old software vulnerabilities in products made by Microsoft and Fortinet to break into victim computer networks. While the vulnerabilities were patched, some customers haven't updated their networks.
On Tuesday, Microsoft said in a blog post that it had observed six different Iranian hacking groups deploying ransomware since September 2020.
Ransomware typically functions by encrypting a computer's data, leaving it inaccessible until an extortion payment is sent to the hackers.
The Iranian hackers are exploiting known flaws in software made by Microsoft and California-based vendor Fortinet to access systems and at times lock them up with ransomware, according to the advisory from the FBI, US Cybersecurity and Infrastructure Security Agency, Australian Cyber Security Centre and the UK's National Cyber Security Centre.
"These Iranian government-sponsored ... actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion," the advisory states, according to CNN.
"As Iranian operators have adapted both their strategic goals and tradecraft, over time they have evolved into more competent threat actors capable of conducting a full spectrum of operations," the Microsoft analysis reads.
The Health Information Sharing and Analysis Center, a cyber threat sharing group for big US health care providers, said it would quickly share the US government advisory with its members.
"We're taking it very seriously," Errol Weiss, the group's chief security officer, told CNN. "I would have loved a chance to work on this with the government before it came out."
The Iranian government's alleged use of hackers and ransomware has received less public attention, but private-sector researchers have warned that there has been a sharp increase in recent months in alleged Iran-linked hackers' use of ransomware.
Such hacks "seek to disrupt business operations and intimidate victim organizations rather than recover actual ransom payments."