Law enforcement agencies from various countries, including the United States, Britain, and Australia, issued a joint statement that raised concerns regarding an Iranian government-backed hacker group that poses a threat to cyber security.
The joint cybersecurity advisory released on Wednesday was made by a coalition of the Cybersecurity and Infrastructure Security Agency (CISA), FBI, Australian Cyber Security Center (ACSC), and British National Cyber Security Center (NCSC). The cooperative statement linked a group of hackers to the Iranian government.
Iranian Government-Backed Hacker Group
The agencies also labeled the hacker group an advanced persistent threat (APT). The decision was made after its members exploited flaws in Fortinet and Microsoft Exchange in March and October, respectively. The attacks allowed the group to gain access to the systems as part of its plans to distribute ransomware.
The joint statement raises concerns that the group has actively targeted "a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations," Fox News reported.
The situation is a rare case of the United States government publicly linking the Iranian government with ransomware. The crime is more commonly used by cybercriminals than by a nation's government. It serves as a sign that the American federal government's ransomware problem extends farther than just Russia.
The group of hackers is believed to be exploiting known flaws in software that Microsoft and Fortinet made. They then locked the systems with ransomware, the joint statement of various agencies revealed.
"These Iranian government-sponsored actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion," said the advisory, CNN reported.
A cyber threat sharing group for big U.S. health care providers, the Health Information Sharing and Analysis Center, said that it would immediately share the U.S. government advisory with its members. The group's chief security officer, Errol Weiss, said they were taking the matter "very seriously."
Rise of Cybercrimes
Microsoft said in a blog post on Tuesday that the company had observed six different Iranian hacking groups deploying ransomware since September 2020. This type of cybercrime typically works by encrypting a computer's data, preventing the owner from accessing it until an extortion payment or ransom is sent to the attackers.
An analysis by the global tech company read that as Iranian operators have begun adapting both their strategic goals and tradecraft, they have, over time, evolved into more competent threat actors. They are now capable of conducting a full spectrum of operations worldwide.
However, a spokesperson for Iran's mission to the United Nations did not immediately respond to a request for comment regarding the incident, Reuters reported. The situation also comes as the U.S. has, over the past two years, identified several foreign ransomware attacks, the majority of which were made by the Ryuk and Darkside groups.
These two hacker groups were tied to Russia by American authorities. However, they did not tie the cybercriminals to the Russian government, which has long since assured the American government that it was cracking down on the criminals.