Navigation
  •  
A1F

Iran-backed cybergroup accused of targeting critical US sectors

SolarWinds hackers. (Pop Nukoonrat/Dreamstime/TNS)

This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.

U.S., British, and Australian authorities say a hacker group “associated” with the Iranian government is behind cyberattacks on targets in the United States and Australia, including in the health-care and transportation sectors.

“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the transportation sector and the health-care and public-health sector, as well as Australian organizations,” according a joint advisory issued on November 17.

Advanced persistent threat (APT) is a designation often given to state-backed hackers.

Since at least March 2021, the group has exploited vulnerabilities in Microsoft Exchange and Fortinet software to break into computer networks, including those of a U.S. municipal government and a children’s hospital in the United States, the advisory said.

The group leveraged the initial hack for additional operations such as data theft, ransomware, and extortion.

The advisory did not identify any specific targets for the hackers, or say how successful they have been.

Microsoft said in a blog post that it had observed “six Iranian threat groups” deploying ransomware since September 2020 “in waves every six to eight weeks on average.”

“As Iranian operators have adapted both their strategic goals and tradecraft, over time they have evolved into more competent threat actors capable of conducting a full spectrum of operations,” it said.

Iranian officials did not immediately comment on the accusations.

In July, Facebook said it had disrupted a group of hackers in Iran behind “espionage operations” targeting mostly U.S. military personnel and companies in the defense and aerospace industries.