Iranian state-sponsored hackers are working closely with ransomware groups on monetizing unauthorized access to the networks of organizations in the United States and elsewhere, the US government says.

“The Iranian cyber actors’ involvement in these ransomware attacks goes beyond providing access; they work closely with ransomware affiliates to lock victim networks and strategize on approaches to extort victims,” CISA, the FBI, and the Department of Defense Cyber Crime Center (DC3) note in a joint advisory (PDF).

share.counter.social/s/454f9b

The US government’s joint advisory came out the same day that Mandiant published a report on a suspected Iran counterintelligence operation targeting Iranians and domestic threats, and Microsoft details on Iran-linked Peach Sandstorm’s use of a new custom backdoor.

Posted earlier:

counter.social/@ecksmc/1130445

The advanced persistent threat (APT) actor has been observed compromising the networks of financial institutions, municipal governments, schools, and healthcare facilities in the US, while also targeting organizations in Azerbaijan, Israel, and the United Arab Emirates.
