Updated November 18th, 2021 at 06:47 IST

Iran-backed hackers accused of exploiting vulnerabilities, targeting critical US sectors

An advisory issued on Wednesday stated that hackers linked to the Iranian government have been targeting a wide range of victims inside the US, including by installing ransomware.

Reported by: Aparna Shandilya
Image: Unsplash

An advisory issued on Wednesday, November 17, by American, British, and Australian officials, stated that hackers linked to the Iranian government have been targeting a wide range of victims inside the United States, including installing ransomware. The warning is noteworthy because, while ransomware attacks continue to be common in the United States, the majority of the important ones in the last year have been traced to Russian-based criminal cyber groups rather than Iranian hackers, according to AP.

According to the alert, in recent months Iranian actors have targeted companies in the transportation, health care, and public health sectors by exploiting software vulnerabilities before the affected organisations could patch them. The advisory states that the attackers used the initial compromise to carry out follow-on activity such as data exfiltration, ransomware deployment, and extortion. Officials said the same group exploited the same Microsoft Exchange vulnerability against targets in Australia.

Researchers noticed the hackers' pattern last year

CrowdStrike cybersecurity researchers told AP that they and others began noticing this type of Iranian behaviour last year. Unlike ransomware attacks sponsored by North Korea's government, the Iranian operations are reportedly intended for spying, disinformation, harassing and embarrassing opponents (Israel foremost among them), and generally wearing down their targets, according to CrowdStrike experts. CrowdStrike considers Iran the trendsetter in this novel low form of cyberattack, which typically involves paralysing a network with ransomware, stealing information and then leaking it online. According to the media agency, researchers call the method "lock and leak." It is less visible, less costly and provides more room for deniability, a researcher told AP.

Government authorities aren't the only ones who have noticed Iran's activity; Microsoft revealed on Tuesday that it had observed six different groups in Iran launching malware since last year. According to Microsoft, one of the groups spends a significant amount of time and energy attempting to establish relationships with its intended victims before launching spear-phishing efforts. As a cover, the group sends out fake conference invitations or interview requests and frequently masquerades as executives at Washington, D.C.-based think tanks, according to Microsoft. Once rapport is established and a malicious link has been sent, the Iranians are aggressive in their efforts to get their victims to click on it, according to James Elliott, a member of the Microsoft Threat Intelligence Center.

(With inputs from AP)



Published November 18th, 2021 at 06:47 IST