According to the alert, “CISA and FBI are aware of a widespread campaign from an Iran-based malicious cyber actor targeting several industries mainly associated with information technology, government, healthcare, financial, insurance, and media sectors across the United States.” This “malicious cyber actor” is believed to be a contractor for the Iranian government.
The alert notes that “the threat actor’s goals appear to be maintaining persistence and exfiltrating data,” and that the threat actor “has been observed selling access to compromised network infrastructure in an online hacker forum.” The FBI also warns that these actions may be preparations for a ransomware attack.
For more information about the joint alert, please follow the links below.
Alert (AA20-259A) Iran-Based Threat Actor Exploits VPN Vulnerabilities, Cybersecurity & Infrastructure Security Agency
CISA, FBI Warn Iran-based Threat Actor May Be Planning Ransomware Attacks, Nextgov