WorldNorth AmericaIran coordinates ransomware attacks against the US and the Middle East

Iran coordinates ransomware attacks against the US and the Middle East

Type of event:
Cyber-attack, Cybersecurity

Victims

Wounded

Date

August 28, 2024

What happened

According to a notice from U.S. federal agencies, Iran is orchestrating ransomware attacks targeting organizations in the U.S., Israel, Azerbaijan, and the United Arab Emirates. Since 2017, groups linked to the Iranian government, known as Pioneer Kitten and others, have been targeting sectors such as education, finance, health, and defense. These actors collaborate with ransomware gangs to gain access to networks and then sell that access or block systems to extort money. Iran also uses an IT company to cover its activities. Agencies advise organizations to update the vulnerabilities these hackers exploit and report any incidents. According to the agencies, ransomware attacks and cyber incidents ought to be reported to the FBI and CISA, as they are keen to collect more details on tactics, IP addresses, ransom notes, bitcoin wallets, decryptor files, and other relevant information.

Where it happened

Main sources