US says Iran-sponsored hackers targeting health, transportation sectors

Hackers “associated with the government of Iran” are actively targeting a wide range of US sectors, including with ransomware, a cybersecurity advisory issued by the US, British and Australian governments said Wednesday.

The joint alert from the US Department of Homeland Security, the FBI, the Australian Cyber Security Center and the UK’s National Cyber Security Center said the hackers were targeting transportation, health care and public health sectors in the United States, as well as Australian organizations.

US authorities have observed that Iranian government-sponsored hackers exploited vulnerabilities in Microsoft Exchange and Fortinet “to target a broad range of victims across multiple critical infrastructure sectors in furtherance of malicious activities” since at least March.

The hackers “can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware and extortion,” the advisory said. The targets included a US-based hospital specializing in health care for children and a web server hosting the domain for a US municipal government.

The cyberalert comes a day after Microsoft reported the discovery of six Iranian threat groups that had deployed ransomware since September 2020.

Separately, the tech giant announced in October that suspected Iranian hackers used a technique known as “password spraying” to breach the Microsoft Office 365 accounts belonging to Israeli and US defense technology firms.

In June, Facebook said a group of Iranian hackers used fake accounts to target US military personnel as well as defense and aerospace workers. The hacking group, known as Tortoiseshell, reportedly used Facebook and other social media platforms to engage and build trust with targets before infecting their devices with malware for espionage purposes.

Israel has also been targeted by suspected Iranian hacks. YnetNews reported last month that an Iranian hacking group released data on hundreds of Israeli army personnel, as well as a private photo of Israeli Defense Minister Benny Gantz, on the dark web.

Earlier this month, another suspected Iranian-linked group released a trove of data from an Israel-based LGBTQ dating app after its ransom demands weren’t met.