Iranian State-Sponsored Hackers Become Access Brokers For Ransomware Gangs - Cyble
Iranian state-backed actors operating under aliases like “Pioneer Kitten” are increasingly targeting critical infrastructure – and expanding their activities into brokering access for ransomware affiliates.
Key Takeaways
- A group of Iranian state-sponsored hackers has evolved into access brokers for ransomware gangs, targeting critical sectors in the U.S. and its allies, like education, finance, healthcare, and defense.
- The FBI, CISA, and DC3 have issued a joint advisory highlighting the dual nature of these threat actors’ activities, which include both monetizing network access and conducting espionage aligned with Iranian government interests.
- The hackers, known by names like “Pioneer Kitten” and “Lemon Sandstorm,” are highly adaptive, continuously evolving their methods to exploit vulnerabilities in widely used network devices and selling domain control to ransomware groups like ALPHV (BlackCat) and NoEscape.
- Beyond ransomware, the group has engaged in hack-and-leak operations aimed at causing reputational damage rather than securing a ransom, signaling a shift towards information warfare.
- The advisory urges organizations to patch known vulnerabilities immediately, stay vigilant, and monitor for indicators of compromise, including unauthorized installs and outbound traffic to suspicious domains.
Read more: https://cyble.com/blog/iranian-state-sponsored-hackers-have-become-access-brokers-for-ransomware-gangsca/