2021-11-17

Hackers with ties to Iran’s government are launching ransomware attacks against the United States.

According to an advisory released Wednesday by American, British, and Australian officials, the Iranian government has been linked to hackers who have been targeting a “wide range of victims” in the United States with ransomware and other techniques.

Though public awareness of and concern about ransomware attacks have grown in recent months, the majority of large attacks have been linked to Russian criminal hacking groups rather than Iranian hackers.

According to the advisory, in recent months Iran has targeted businesses in the transportation, health care, and public health sectors, exploiting computer weaknesses the hackers discovered before they could be addressed. Officials claimed that in addition to using ransomware in their hacking operations, the attackers also use data exfiltration and extortion against their targets.

The reported Iranian ransomware has been observed by companies such as Microsoft. The Microsoft Threat Intelligence Center (MSTIC) said in a blog post published Tuesday that it has been tracking “a progressive progression of the tools, techniques, and procedures deployed by malicious network operators based in Iran” for the past year.

Since last year, MSTIC has observed six separate Iran-based gangs deploy ransomware, according to the post. According to the Associated Press, one of these groups frequently employs phony interview requests, fake conference invites, and fake identities as think tank executives in Washington, D.C. as a cover while attempting to create rapport with its chosen targets.

Once they’ve established rapport, they try to target victims with spear-phishing attacks, and they can be very persistent, according to MSTIC member James Elliott.

“These people are a real pain in the neck. They send an email every two hours.” On Tuesday, Elliott spoke at the Cyberwarcon cybersecurity conference.

Facebook said earlier this year that it had discovered Iranian hackers using “advanced fake online personas” to gain trust from targets and persuade them to click on harmful links. The hackers frequently pretended to be recruiters for the defense and aerospace industries.

Researchers at Crowdstrike, a cybersecurity firm, said they and their competitors started observing Iranian activities like this last year.

Unlike those funded by North Korea's government, the Iranian ransomware assaults are primarily intended for espionage, disinformation, and harassing and embarrassing foes—Israel.