Iranian group intensifies cyberattacks on US healthcare
Editor's Note
Cyberattacks in August 2024 are the latest examples of a specific Iranian group intensifying efforts against US organizations since 2017, Healthcare IT News reported September 3.
Citing an advisory issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center, the article explains that the group is known by various names, including Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, and Lemon Sandstorm. It collaborates with ransomware gangs including ALPHV (also known as BlackCat), NoEscape, and Ransomhouse that have been responsible for numerous cybersecurity attacks, particularly targeting the healthcare sector. The agencies urge organizations to implement recommended mitigations to protect their networks from these Iranian cyber threats.
According to the article, the advisory reveals that the Iranian cyber actors, who also use the aliases "Br0k3r" and "xplfinder," have shifted from typical hack-and-leak campaigns to more direct collaborations with ransomware affiliates. These collaborations aim to lock victim networks and extort ransom payments, with the cyber actors enabling encryption operations in exchange for a percentage of the ransoms.
As of July 2024, the Iranian actors have been scanning IP addresses hosting Check Point Security Gateways for vulnerabilities associated with CVE2024-24919, Healthcare IT reports, citing The FBI and CISA. Since April, they have also been probing IP addresses hosting Palo Alto Networks PAN-OS and GlobalProtect VPN devices, likely for reconnaissance and identifying devices susceptible to remote code execution.
These activities are part of a broader trend of increased cyber threats from Iran-based actors, the outlet reports. Earlier this year, the FBI, CISA, and the Department of Health and Human Services updated their cybersecurity alert on ALPHV to highlight new indicators of compromise specifically targeting the healthcare sector. Despite attempts by the FBI to disrupt the operations of ransomware groups like ALPHV, these groups continue to pose a significant threat.
Free Daily News
- Joint Commission International launches healthcare sustainability certification for global organizations
- Study: Right-sized donor livers scarce for female cancer patients
- NYU Langone surgeons complete first fully robotic lung transplant in US
- Study: C-sections more likely for black women
- Study: Tubal ligation surgeries surged after abortion restrictions
- Congressional hearing exposes US organ transplant system failures
- Researchers in Zurich, Hong Kong celebrate remote surgery milestone with successful pig endoscopy
- Study: Preoperative depression boosts risk of postoperative delirium
- Trump-Harris debate highlights contrast on abortion, Affordable Care Act
- Countdown to OR Manager Conference: Robotics in the ASC—Technology trends and what you need to know