CISA released an advisory on Wednesday warning of cyber criminals targeting and exploiting U.S. and foreign organizations across multiple sectors in the U.S.
The Cybersecurity Advisory (CSA), a collaborative effort with the Federal Bureau of Investigation (FBI) and the Department of Defense Cyber Crime Center (DC3), warns network defenders that a group of Iran-based cyber actors continues to exploit U.S. and foreign organizations.
The CSA identifies the cyber actors as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm. According to CISA, cyber actors like Pioneer Kitten have links to the Government of Iran and an Iranian information technology company.
They operate by deploying ransomware attacks to obtain and develop network access, which enables them to collaborate with other cyber criminals to continue deploying ransomware.
The affected organizations span several sectors, including education, finance, healthcare, and defense, as well as local government entities. The activity also affects other countries, such as Israel, Azerbaijan, and the United Arab Emirates.
This advisory highlights similarities to a previous advisory, "Iran-Based Threat Actor Exploits VPN Vulnerabilities," published by CISA in 2020, and provides known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs).
CISA and partners encourage critical infrastructure organizations to review and implement the mitigations provided in the joint advisory to reduce the likelihood and impact of ransomware incidents.