Iranian hackers have raised concern with US law enforcement authorities after recently launching cyber attacks against vital institutions and facilities in the United States.
The latest attacks add to a growing number launched by several different parties against the US. According to a report by the Foreign Policy magazine, Iranian ransomware groups were quietly emerging as a global force to be reckoned with.
On November, the US, Britain and Australia issued a joint warning that Iranian actors have conducted ransomware attacks against US targets and gained access to a wide range of critical infrastructure networks, including a children’s hospital, which would enable more attacks, the report read.
Experts in the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC) and the United Kingdom’s National Cyber Security Centre (NCSC) found out that an ongoing malicious cyber activity by an advanced persistent threat (APT) group is associated with the government of Iran.
Ransomware encrypts files on a victim’s computer. The perpetrator then demands ransom payments in exchange for decrypting the files and sometimes also threatens to leak the victim’s data.
“The Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple US critical infrastructure sectors,” the security experts warned.
While Iranian ransomware may be relatively unfamiliar to Americans, it has been a part of everyday life in Israel for more than a year, the US publication noted.
“Iranian actors have targeted almost every sector of Israel’s economy and society.”
The report pointed out that Iran’s successful use of ransomware against Israel has likely emboldened it to expand its focus to the United States.
In September 2020, an Israeli cyber security firm first detected Iranian ransomware activity against unspecified “prominent Israeli organisations”.
Another hacking group, Black Shadow, believed to be linked to Iran, was accused of carrying out a major cyber attack in October targeting an internet service provider in Israel.
The report warned that Iran’s ransomware campaign appears to be on the brink of global expansion.
In 2019, a report prepared by researchers at the US giant Microsoft Corporation said that Iranian hackers are working to infiltrate systems, companies and governments around the world, causing damages amounting to hundreds of millions of dollars.
Some believe these attacks may be part of Iran’s attempts not only to influence cyber security and its open conflict with its “rivals” but also to obtain foreign cash, especially the US dollar, to break the blockade imposed on it.