- Advertisement -
World

US says Iran govt behind ransomware attacks

The US Department of Homeland Security estimates that ransomware attackers extorted at least US$350 million from victims last year.

AFP
1 minute read
Share
Since at least March 2021, the APT has exploited vulnerabilities in Microsoft Exchange and Fortinet software to hack into systems, including those of a city government and a children's hospital, CISA says. Photo: AP
Since at least March 2021, the APT has exploited vulnerabilities in Microsoft Exchange and Fortinet software to hack into systems, including those of a city government and a children's hospital, CISA says. Photo: AP

Iran’s government is backing a hacker group responsible for recent ransomware attacks on targets in the US and Australia, the US cybersecurity agency said Wednesday.

“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector,” the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert.

It said that experts in the FBI, the Australian Cyber Security Centre, and Britain’s National Cyber Security Centre had jointly reached the conclusion on Tehran’s support for the “APT” group, or “advanced persistent threat,” a designation often given to state-backed hackers.

Since at least March 2021, the group has exploited vulnerabilities in Microsoft Exchange and Fortinet software to hack into systems, including those of a city government and a children’s hospital, CISA said.

“These Iranian government-sponsored APT actors can leverage this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion,” it said.

CISA did not identify any specific targets for the group in the US or Australia, or say how successful they have been.

The US Department of Homeland Security estimates that ransomware attackers extorted at least US$350 million from victims last year.