The Health Information Sharing and Analysis Center, a cyber threat sharing group for big US health care providers, said it would quickly share the US government advisory with its members.
“We’re taking it very seriously,” Errol Weiss, the group’s chief security officer, told CNN. “I would have loved a chance to work on this with the government before it came out.”
It is unclear which US health and transportation sectors were targeted by the hackers; federal officials do not typically publicly name hacking victims. The hackers appear to be focusing on exploiting the software flaws, rather than picking specific sectors to target, officials said.
Health care organizations have been strapped for resources, including cybersecurity services, throughout the coronavirus pandemic. But ransomware attacks — often from criminal groups based in Eastern Europe and Russia — on those organizations have only increased, according to tallies of attacks from private-sector experts.
The Iranian government’s alleged dabbling in ransomware, however, has received less public attention. But private-sector researchers have in recent months detailed Iran-linked hackers alleged use of ransomware, warning that hacks of companies in Israel and elsewhere are meant to disrupt business operations and intimidate victim organizations rather than recover actual ransom payments.
In the last 14 months, at least six Iranian hacking groups have used ransomware to “achieve their strategic objectives,” Microsoft researchers said Tuesday
. “These ransomware deployments were launched in waves every six to eight weeks on average.”
One suspected Iranian group posed as ransomware operators while conducting disruptive hacks of Israeli organizations this year, according to SentinelOne, another cybersecurity firm.
“[R]ansomware activities provide deniability, allowing states to send a message without taking direct blame,” SentinelOne concluded
This is the second US advisory about Iranian hacking activity in as many weeks. The FBI on November 8 privately warned US companies
, in a memo obtained by CNN, that Iranian operatives have searched cybercrime forums for sensitive data stolen from American organizations that could be useful in future hacking campaigns.