The US government’s joint advisory came out the same day that Mandiant published a report on a suspected Iran counterintelligence operation targeting Iranians and domestic threats, and Microsoft details on Iran-linked Peach Sandstorm’s use of a new custom backdoor.
Posted earlier:
“The Iranian cyber actors’ involvement in these ransomware attacks goes beyond providing access; they work closely with ransomware affiliates to lock victim networks and strategize on approaches to extort victims,” CISA, the FBI, and the Department of Defense Cyber Crime Center (DC3) note in a joint advisory
(PDF)
https://share.counter.social/s/454f9b