Iran-Backed Cybergroup Accused Of Targeting Critical U.S.
November 19, 2021
U.S., British, and Australian authorities say a hacker group
"associated" with the Iranian government is behind cyberattacks
on targets in the United States and Australia, including in the
health-care and transportation sectors.
"The Iranian government-sponsored APT actors are actively
targeting a broad range of victims across multiple U.S. critical
infrastructure sectors, including the transportation sector and
the health-care and public-health sector, as well as Australian
organizations," according to a joint advisory issued on November
Advanced persistent threat (APT) is a designation often given to
Since at least March 2021, the group has exploited
vulnerabilities in Microsoft Exchange and Fortinet software to
break into computer networks, including those of a U.S.
municipal government and a children's hospital in the United
States, the advisory said.
The group leveraged the initial hack for additional operations
such as data theft, ransomware, and extortion.
The advisory did not identify any specific targets for the hackers,
or say how successful they have been.
Microsoft said in a blog post that it had observed "six Iranian
threat groups" deploying ransomware since September 2020 "in
waves every six to eight weeks on average."
"As Iranian operators have adapted both their strategic goals
and tradecraft, over time they have evolved into more competent
threat actors capable of conducting a full spectrum of
operations," it said.
Iranian officials did not immediately comment on the
In July, Facebook said it had disrupted a group of hackers in
Iran behind "espionage operations" targeting mostly U.S.
military personnel and companies in the defense and aerospace