The Iranian hackers are exploiting known flaws in software made by Microsoft and California-based vendor Fortinet to access systems and at times lock them up with ransomware, according to the advisory from the FBI, US Cybersecurity and Infrastructure Security Agency, Australian Cyber Security Centre and the UK’s National Cyber Security Centre.
“These Iranian government-sponsored … actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion,” the advisory states.
The Health Information Sharing and Analysis Center, a cyber threat sharing group for big US health care providers, said it would quickly share the US government advisory with its members.
“We’re taking it very seriously,” Errol Weiss, the group’s chief security officer, told CNN. “I would have loved a chance to work on this with the government before it came out.”
It is unclear which US health and transportation sectors were targeted by the hackers; federal officials do not typically publicly name hacking victims. The hackers appear to be focusing on exploiting the software flaws, rather than picking specific sectors to target, officials said.
Health care organizations have been strapped for resources, including cybersecurity services, throughout the coronavirus pandemic. But ransomware attacks — often from criminal groups based in Eastern Europe and Russia — on those organizations have only increased, according to tallies of attacks from private-sector experts.
The Iranian government’s alleged dabbling in ransomware, however, has received less public attention. But private-sector researchers have in recent months detailed Iran-linked hackers alleged use of ransomware, warning that hacks of companies in Israel and elsewhere are meant to disrupt business operations and intimidate victim organizations rather than recover actual ransom payments.
One suspected Iranian group posed as ransomware operators while conducting disruptive hacks of Israeli organizations this year, according to SentinelOne, another cybersecurity firm.