Iranian ransomware attacks, unlike those sponsored by North Korea, are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes and to essentially wear down targets, CrowdStrike researchers said.
The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.
Microsoft said one of the groups spends significant time and energy trying to build rapport with its intended victims before targeting them with spear-phishing campaigns. The group uses fake conference invitations or interview requests and frequently masquerades as officials at think tanks in Washington, D.C., as a cover, Microsoft said.
“These guys are the biggest pain in the rear. Every two hours they’re sending an email,” Elliott said at the Cyberwarcon cybersecurity conference Tuesday.
Earlier this year Facebook announced it had found Iranian hackers using “sophisticated fake online personas” to build trust with targets and get them to click on malicious links. The hackers often posed as recruiters of defense and aerospace companies.
The Iranian ransomware attacks, unlike those sponsored by North Korea’s government, are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes — Israel, chief among them — and to essentially wear down their targets, CrowdStrike researchers said at the Cyberwarcon event.