The FBI and the Cybersecurity and Infrastructure Security Agency found that an Iranian government-backed hacker group has been exploiting Fortinet and Microsoft vulnerabilities in ransomware attacks against hospitals and healthcare organizations, according to a Nov. 17 joint cybersecurity advisory.
Four things to know:
1. The federal agencies said hackers have been exploiting Fortinet vulnerabilities since at least March. The hackers have also been exploiting Microsoft Exchange vulnerabilities since at least October to deploy ransomware.
2. The hackers are targeting U.S. critical infrastructure, such as the healthcare industry and the public health sector. The group has also been exploiting the Microsoft vulnerability in Australia.
3. In June, U.S. officials noted the hackers attacked a children's hospital by exploiting a FortiGate appliance. The hackers likely accessed known user accounts at the hospital from an IP address linked to the Iranian government to enable future malicious activity, according to the advisory.
4. Federal officials recommend that organizations using Microsoft Exchange servers and Fortinet products investigate their networks for suspicious activity. To mitigate the risk of attack, the FBI and CISA recommend that hospitals patch and update their systems, keep their block lists up to date, employ backup and restoration procedures, regularly back up systems, implement multifactor authentication and require strong passwords.