Iran-backed hackers accused of targeting critical US sectors

An advisory issued by officials in the United States, United Kingdom and Australia warns that hackers linked to the Iranian government have been targeting a “broad range of victims” inside the U.S. with ransomware and other malicious cyber activity

WASHINGTON -- Hackers linked to the Iranian government have been targeting a “broad range of victims” inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials.

The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.

The warning is notable because even though ransomware attacks remain prevalent in the U.S., most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.

Government officials aren't the only ones noticing the Iranian activity: Tech giant Microsoft announced Tuesday that it had seen six different groups in Iran deploying ransomware since last year.