The Cybersecurity and Infrastructure Security Agency alongside the FDA and Department of Defense Cyber Crime Center released a new warning Aug. 28 about Iran-based ransomware attacks against U.S.-based entities, including healthcare organizations.
The warning details cyber actors from Iran, including Pioneer Kitten, UNC757, Parasite, Rubidium and Lemon Sandstorm, using ransomware attacks to gain access to IT networks and cause issues. The organizations' tactics are similar to Iran-based threat actor activities CISA warned of on Sept. 15, 2020.
The Iranian threat actors hack into U.S.-based organizations and collaborate with Russian-linked ransomware groups to execute attacks. The affiliated ransomware groups include BlackCat, which claimed responsibility for the Change Healthcare ransomware attack earlier this year.
The threat actors are likely not sanctioned by the Iranian government, according to the report.
"This alert demonstrates the close 'international cooperation' between hackers to exploit cyber espionage campaigns for criminal profit,” said John Riggi, the American Hospital Association's national advisor for cybersecurity and risk, in a Aug. 30 statement. “This alert also demonstrates the nation-state level sophistication and expertise of the ransomware groups that target U.S. healthcare."
There have been several ransomware attacks against hospitals and third-party vendors in recent months, and health systems are increasing cybersecurity efforts and budgets in response. Both large and small organizations have been targeted and fallen victim to these attacks.
"No healthcare organization, regardless of their cybersecurity preparedness, can be expected to fully defend against a group of nation-state-trained hackers collaborating with sophisticated ransomware gangs," said Mr. Riggi. "Clearly, the initial access leading to a subsequent ransomware attack, sanctioned or not, is state-sponsored. We strongly encourage the U.S. government to treat these attacks as national security threats, by policy and action, and impose significant risk and consequences on our cyber adversaries. Offense is the best defense."