Iranian government-backed hackers target critical infrastructure with ransomware, US says
U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year in a bid to deploy ransomware against critical infrastructure. The hackers are interested in taking advantage of known software flaws where they can, the agencies said. The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in March, May and June saw Iranian “advanced persistent threat” groups capitalizing on Fortinet vulnerabilities, in one case for a server associated with a U.S. municipal government and in another involving networks associated with a U.S.-based hospital focused on children’s care. In October the hackers relied on a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations,” the subject of another recent CISA alert. “The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including […]
The post Iranian government-backed hackers target critical infrastructure with ransomware, US says appeared first on CyberScoop.