Iranian state-sponsored hackers are working closely with ransomware groups on monetizing unauthorized access to the networks of organizations in the United States and elsewhere, the US government says
“The Iranian cyber actors’ involvement in these ransomware attacks goes beyond providing access; they work closely with ransomware affiliates to lock victim networks and strategize on approaches to extort victims,” CISA, the FBI, and the Department of Defense Cyber Crime Center (DC3) note in a joint advisory
(PDF)
The advanced persistent threat (APT) actor has been observed compromising the networks of financial institutions, municipal governments, schools, and healthcare facilities in the US, while also targeting organizations in Azerbaijan, Israel, and the United Arab Emirates.