Ransomware gangs that hack into companies, lock up their computers, then demand ransoms to free them up, have frequently been tied back to Russian-speaking hackers—but Iranian government-linked hackers are getting in on the action, too, the FBI and the Department of Homeland Security’s cybersecurity agency CISA warned in an alert Wednesday. The government-linked hackers, which have gone by the alias “Elie” on victim systems at times, have targeted a U.S.-based children’s hospital and a municipal government so far. The hackers are also eyeing brazen attacks in the transportation sector and against other public health organizations, the alert said. Australia’s government warned it has seen suspected Iranian government-linked hackers running ransomware ops as well. It’s a reminder that Russian hacking gangs don’t hold a monopoly on ransomware attacks that could cause disruption, akin to the hacks against Colonial Pipeline or JBS earlier this year.
In some cases, the Iranian hacking gangs have been reaching out to targets with fake “interview requests,” only to try stealing their passwords to later run the ransomware attacks, according to a report published this week by cybersecurity researchers at Microsoft. Six Iranian hacking groups in all, some of which use the alias “@badguy,” have been running ransomware attacks in waves of every six to eight weeks since September 2020, the researchers said.