Ransomware gangs, which hack businesses, lock their computers, and then demand ransoms to free them, have often been linked to Russian-speaking hackers, but hackers linked to the Iranian government are also taking part in the action, the FBI and the Department of Homeland Security’s cybersecurity agency, CISA, warned in an alert on Wednesday. Government-linked hackers, who have occasionally used the pseudonym “Elijah” on victim systems, have so far targeted a US-based children’s hospital and a municipal government. Hackers are also planning brazen attacks in the transportation sector and against other public health organizations, according to the alert. The Australian government has warned that it has also seen suspected hackers linked to the Iranian government performing ransomware operations. It’s a reminder that Russian hacking gangs don’t have a monopoly on ransomware attacks that could cause disruption, like the hacks against Colonial Pipeline or JBS earlier this year.
In some cases, Iranian hacking gangs have reached out to targets with bogus “maintenance requests” only to try to steal their passwords to launch ransomware attacks later, according to a report released this week by Microsoft cybersecurity researchers. Six Iranian hacking groups in total, some of which use the alias “@badguy”, have launched ransomware attacks in waves every six to eight weeks since September 2020, the researchers said.
Read it on CISA