TLDR:
- US agencies issue cybersecurity advisory on Iranian-linked cyber threat groups targeting critical infrastructure
- Groups identified as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm

U.S. agencies have issued a cybersecurity advisory alerting critical infrastructure organizations about cyber actors, identified as Iranian-linked groups, targeting various sectors in the U.S. and other countries. These actors, known by different names such as Pioneer Kitten, UNC757, and others, are linked to the Government of Iran (GOI) and have been deploying ransomware attacks to gain network access. The groups target organizations through VPN vulnerabilities and device exploits, collaborating with ransomware affiliates to extort victims.
They also conduct hack-and-leak campaigns and steal sensitive data. Drawing on known indicators of compromise and the tactics used by the hackers, the FBI and CISA recommend implementing mitigations against vulnerabilities, testing security programs, and validating security controls to defend against these cyber threats.