TLDR:
U.S. cybersecurity agencies have warned about ongoing ransomware attacks by an Iranian hacking group. The group, Pioneer Kitten, is linked to the Iranian government and uses an IT company as a cover. The attacks target various sectors in the U.S. and other countries and aim to deploy ransomware to obtain network access. The threat actors have been active since 2017 and work closely with ransomware affiliates. Another Iranian group, Peach Sandstorm, has been observed deploying a new backdoor named Tickler in attacks against sectors in the U.S. and U.A.E. Additionally, a suspected Iranian counterintelligence operation aims to collect data on Iranians and domestic threats. The campaign uses fake recruitment websites to harvest personal information.
Key Elements:
- The Iranian hacking group Pioneer Kitten is targeting organizations in the U.S. and other countries with ransomware attacks
- Pioneer Kitten is linked to the Iranian government and uses an IT company as a cover
- Another Iranian group, Peach Sandstorm, has been observed deploying a new backdoor named Tickler
- A suspected Iranian counterintelligence operation aims to collect data on Iranians and domestic threats
- This campaign uses fake recruitment websites to harvest personal information
U.S. agencies have identified ongoing ransomware attacks by an Iranian hacking group called Pioneer Kitten, linked to the Iranian government. The group targets various sectors in the U.S. and other countries, using ransomware to obtain network access. Affiliates like NoEscape, RansomHouse, and BlackCat are involved in deploying file-encrypting malware. Another Iranian group, Peach Sandstorm, has been deploying a new backdoor called Tickler in attacks against sectors in the U.S. and U.A.E. Additionally, a suspected Iranian counterintelligence operation aims to collect data on Iranians and domestic threats, using fake recruitment websites to harvest personal information.