Hackers linked to the Iranian government have targeted a “broad range of victims” inside the United States, according to an advisory issued Wednesday by American, British and Australian officials.
The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.
Microsoft said one of the groups spends significant time and energy trying to build rapport with its intended victims before targeting them with spear-phishing campaigns. The group uses fake conference invitations or interview requests and frequently masquerades as officials at think tanks in Washington, D.C., as a cover, Microsoft said.
“These guys are the biggest pain in the rear. Every two hours they’re sending an email,” Elliott said at the Cyberwarcon cybersecurity conference Tuesday. Researchers at the CrowdStrike cybersecurity firm said they and competitors began seeing this type of Iranian activity last year.