U.S. says Iran-backed hackers launching disruptive cyberattacks on U.S. firms

By Christopher Bing

(Reuters) – A hacking group “sponsored” by Iran’s government is launching disruptive cyberattacks against a wide range of U.S. companies, including healthcare providers and transportation firms, according to a cybersecurity alert https://us-cert.cisa.gov/ncas/alerts/aa21-321a published by the U.S. Homeland Security Department (DHS) on Wednesday.

The warning, jointly authored by the FBI and DHS’ Cybersecurity and Infrastructure Security Agency, said the hackers were exploiting old software vulnerabilities in products made by Microsoft and Fortinet to break into victim computer networks. While the vulnerabilities were patched, some customers haven’t updated their networks.

On Tuesday, Microsoft said in a blog post https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021 that it had observed six different Iranian hacking groups deploying ransomware since September 2020. Ransomware typically functions by encrypting a computer’s data, leaving it inaccessible until an extortion payment is sent to the hackers.

“As Iranian operators have adapted both their strategic goals and tradecraft, over time they have evolved into more competent threat actors capable of conducting a full spectrum of operations,” the Microsoft analysis reads. A spokesperson for Iran’s mission to the United Nations did not immediately respond to a request for comment.