TLDR:
- CISA, FBI, and DC3 have issued an alert warning of Iran-based ransomware attacks targeting U.S. organizations.
- The cyber actors are connected to the Government of Iran and linked to an Iranian IT company.
The Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and the Department of Defense Cyber Crime Center have issued an alert warning of Iran-based ransomware attacks. The cyber actors, known as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, are targeting U.S. organizations in sectors such as education, finance, healthcare, and defense, as well as local government entities. The FBI has assessed that these cyber actors are connected with the Government of Iran and linked to an Iranian IT company.
The malicious cyber operations are aimed at obtaining and developing network access, which the actors then use to collaborate with affiliate actors to continue deploying ransomware. The alert provides details of the tactics, techniques, and procedures used, along with indicators of compromise. Organizations are advised to follow the mitigations provided in the alert to defend against the activity.