On August 28, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA), together with the FBI and Department of Defense Cyber Crime Center, issued an advisory to U.S. organizations, including healthcare organizations, warning that Iran-backed malicious cyber actors are targeting U.S. organizations to obtain access to their networks in order to exploit them for future ransomware attacks (the Advisory). The Advisory provides the threat actor’s known indicators of compromise and tactics, techniques, and procedures and recommends various mitigation measures to reduce the likelihood and impact of ransomware incidents.
FBI investigations conducted as recently as August 2024 have found that cyber actors like “Pioneer Kitten” are connected with the Government of Iran and linked to an Iranian information technology company. Their malicious cyber operations seek to obtain and maintain technical access to U.S. organizations’ networks to enable future ransomware attacks. The actors then offer to sell full domain control privileges and admin credentials to numerous other bad actors worldwide.
The federal agencies encourage critical infrastructure organizations to review and implement the mitigations provided in the Advisory to improve their cybersecurity posture based on the Iranian cyber group’s activity. The mitigation measures listed in the Advisory contain technical details and identify vulnerable devices and software.
The Advisory is located here. CISA’s press release regarding the Advisory is here.