September 5, 2024

Iranian group intensifies cyberattacks on US healthcare

Editor's Note

Cyberattacks in August 2024 are the latest examples of a specific Iranian group intensifying efforts against US organizations since 2017, Healthcare IT News reported September 3.

Citing an advisory issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center, the article explains that the group is known by various names, including Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, and Lemon Sandstorm. It collaborates with ransomware gangs including ALPHV (also known as BlackCat), NoEscape, and Ransomhouse that have been responsible for numerous cybersecurity attacks, particularly targeting the healthcare sector. The agencies urge organizations to implement recommended mitigations to protect their networks from these Iranian cyber threats.

According to the article, the advisory reveals that the Iranian cyber actors, who also use the aliases "Br0k3r" and "xplfinder," have shifted from typical hack-and-leak campaigns to more direct collaborations with ransomware affiliates. These collaborations aim to lock victim networks and extort ransom payments, with the cyber actors enabling encryption operations in exchange for a percentage of the ransoms.

As of July 2024, the Iranian actors have been scanning IP addresses hosting Check Point Security Gateways for vulnerabilities associated with CVE-2024-24919, Healthcare IT News reports, citing the FBI and CISA. Since April, they have also been probing IP addresses hosting Palo Alto Networks PAN-OS and GlobalProtect VPN devices, likely for reconnaissance and to identify devices susceptible to remote code execution.

These activities are part of a broader trend of increased cyber threats from Iran-based actors, the outlet reports. Earlier this year, the FBI, CISA, and the Department of Health and Human Services updated their cybersecurity alert on ALPHV to highlight new indicators of compromise specifically targeting the healthcare sector. Despite attempts by the FBI to disrupt the operations of ransomware groups like ALPHV, these groups continue to pose a significant threat.
