Advisory warns of Iran ransomware threat


The FBI, CISA, and the Department of Defense Cyber Crime Center have issued a joint advisory warning about a group of Iranian cyber actors conducting a high volume of computer network intrusion attempts against U.S. organizations since 2017. The group, known by various names including Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, and Lemon Sandstorm, has been collaborating with ransomware gangs such as ALPHV, also known as BlackCat, which is responsible for numerous healthcare cybersecurity attacks. According to the alert, these Iranian cyber actors work closely with ransomware affiliates to lock victim networks and strategize their extortion, offering full domain-control privileges in exchange for a percentage of the ransom payments.

The threat actors do not disclose their location to ransomware affiliate contacts and are intentionally vague about their nationality and origin. Recent observations include these actors scanning IP addresses hosting Check Point Security Gateways, probing for devices potentially vulnerable to CVE-2024-24919. They have also conducted mass scanning of IP addresses hosting Palo Alto Networks PAN-OS and GlobalProtect VPN devices, likely conducting reconnaissance and probing for devices vulnerable to remote code execution.


The agencies recommend organizations follow suggested mitigations to defend against the Iranian cyber actors’ attempts to gain a foothold in their networks. These mitigations align with the Cross-Sector developed by CISA and the National Institute of Standards and Technology.

Earlier this year, the FBI, CISA, and the Department of Health and Human Services addressed new indicators of compromise targeting the healthcare sector. Since mid-December 2023, nearly 70 leaked victims have been reported, with the healthcare sector being the most commonly victimized. “The Iranian cyber actors’ initial intrusions rely upon exploits of remote external services on internet-facing assets to gain initial access to victim networks,” said FBI and CISA officials in the advisory.

For more updates on cybersecurity threats and defenses in the healthcare sector, stay tuned for developments from the upcoming HIMSS Healthcare Cybersecurity Forum scheduled to take place October 31-November 1 in Washington, D.C.


Mason Carter

Mason Carter is a sharp-witted venture capital and startup analyst whose columns provide cutting-edge insights into the world of entrepreneurship and investment.
