GeneralThe Iranian Regime Collaborates with Ransomware Criminals  

The Iranian Regime Collaborates with Ransomware Criminals  

-

U.S. intelligence agencies have warned that the Iranian regime is collaborating with cybercriminal groups to conduct ransomware attacks against organizations in the United States, Israel, Azerbaijan, and the United Arab Emirates.

On Wednesday, August 28, the FBI, the Pentagon’s Cyber Crime Center, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that in recent times, Iran has targeted not only government institutions but also educational, healthcare, and defense sectors in these countries.

The FBI’s assessment indicates that a significant percentage of these Iranian cyber hacking operations have been conducted to gain access to the networks of these institutions through ransomware.

In addition to deploying ransomware, hackers linked to the Iranian regime have pursued extensive campaigns to steal sensitive technical data from Israeli and Azerbaijani institutions.

The three U.S. intelligence agencies based their report on data provided by several organizations that had been affected by these malicious activities.

The findings of these three agencies indicate that hackers linked to Iran either use ransomware themselves or collaborate with prominent ransomware operators in espionage and data theft operations.

U.S. agencies have concluded that hackers associated with Iran, in exchange for assisting in deploying ransomware, receive a share of the information obtained through these cyber traps.

In some cases, hackers have collaborated with ransomware groups that lock victims’ networks and seek to extort them.

Multiple hacking operations targeting Israeli organizations and companies  

The report by these three U.S. agencies noted that cyber actors linked to the Iranian regime have been behind multiple hacking operations targeting Israeli organizations and companies over the past four years. The primary motive was not financial extortion but rather to embarrass Israel by sharing the stolen data from these Israeli entities online.

The report mentioned the Iranian technology company “Danesh Novin Sahand,” which it described as a “cover for the cyber activities” of the Iranian regime. According to U.S. agencies, this company exploited vulnerabilities in cybersecurity products such as Check Point or Palo Alto Networks VPN equipment.

Hackers backed by the regime, upon entering the victim’s network and before expanding their infiltration operations and data theft, created a user account under the name “John McCain,” a prominent late U.S. senator.

The hackers disable antivirus programs or security software on the victim’s computer to freely operate within the compromised network without triggering any warnings, allowing them to carry out their intended actions, steal information, and monitor the victim’s activities.

U.S. government cybersecurity experts believe that the hackers typically do not conceal their affiliation with the Iranian regime and deliberately keep the origin of their actions ambiguous.

In their advisory, the three U.S. intelligence agencies wrote that merely addressing the vulnerabilities in the software used on victims’ computers is insufficient for protection. Instead, organizations must take additional measures to protect themselves from these traps and report any ransomware attack or cyber incident.

The U.S. agencies identified four specific vulnerabilities in the software used on computers that need to be addressed.

The report by the three U.S. agencies was released amid renewed attention by U.S. intelligence organizations on Iran’s cyber activities aimed at influencing the upcoming U.S. presidential election.

Microsoft also reported on Wednesday that hacking agents linked to the Islamic Revolutionary Guard Corps (IRGC) have installed malware on computers in the satellite, oil, gas, and communications sectors of the United States and the United Arab Emirates.

The Iranian regime, in its effort to bolster its intelligence capabilities, is increasingly using cyberattacks and, more recently, artificial intelligence.

Latest news

Water Shortages in Iran Have Become a Chronic Crisis, and Alarm Bells Are Ringing

Statements by Iranian regime officials at the beginning of the summer indicate that water stress has spread across most...

Continued Human Rights Violations In Iran: Security Forces Open Fire On People Celebrating Khamenei’s Death

As the Iranian regime staged the funeral of Ali Khamenei four months after his death, human rights media reported...

Iran’s July 9 Student Uprising Mark 27th Anniversary

Twenty-seven years have passed since July 9, 1999, when the Iranian regime's official security forces and paramilitary groups loyal...

U.S. Military Attacks More Than 90 Targets in Iran

The United States Central Command (CENTCOM) said in a statement that on Wednesday evening, U.S. forces struck about 90...

Amnesty International Challenges Silence Over the Iranian Regime’s Crimes

The bloody crackdown on the January protests in Iran remains unaddressed, and Amnesty International has warned that the continued...

Iranian Regime’s Iraqi Proxy Groups in the Trap of Arrest and the Law

Following the arrest of one of the Iranian regime's proxy operatives in Iraq, who had also been sanctioned by...

Must read

Relatives of political prisoner blame Iran’s rulers for son’s death

Iran Focus: London, Aug. 17 – The relatives of...

China, Iran pursue “diplomacy” to end nuclear crisis

Reuters: Iran and oil-famished China agreed on favouring a...

You might also likeRELATED
Recommended to you