
HC3 Explores Iranian Cyber Threat Landscape in Latest Brief

The Iranian cyber threat landscape is a known threat to the US healthcare sector.



By Jill McKeon

The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a detailed brief exploring the Iranian threat landscape and its implications for the US healthcare sector.

Iranian threat actors have been known to engage in website defacement, malware deployment, theft of personally identifiable information (PII), spear phishing, and distributed denial-of-service (DDoS) attacks against their victims. They are also “infamous for wiper malware as well as retaliatory attack strategies,” the brief stated.

Iranian threat groups such as Pioneer Kitten, UNC3890, and Magic Kitten are known to target the healthcare sector, the brief noted.

In November 2021, US cyber officials and allies released an advisory warning the healthcare and transportation sectors about an Iranian government-sponsored advanced persistent threat (APT) group that had been exploiting Microsoft Exchange ProxyShell and Fortinet vulnerabilities.

In June 2022, Federal Bureau of Investigation (FBI) Director Christopher Wray revealed during a speech that Iranian government-backed hackers had attempted a cyberattack against Boston Children’s Hospital in June 2021.

The FBI successfully stopped the hackers before they did severe damage to the 400-bed hospital’s network, but Wray called the incident “one of the most despicable” cyberattacks he had ever seen.

In its latest brief, HC3 provided in-depth analyses of recent cyberattacks, along with tactics, techniques, and procedures (TTPs) to watch out for. Iranian threat actors have been observed using legitimate file-sharing services to distribute malware, leveraging fake personas and social media platforms to communicate with targets, and harvesting credentials.

HC3 recommended that organizations implement user training, especially in regard to phishing and other types of social engineering. In addition, organizations should review Log4j vulnerabilities, Microsoft Exchange ProxyShell vulnerabilities, and Fortinet FortiOS vulnerabilities.

Organizations can also harden their defenses by implementing network segmentation, maintaining offline data backups, and reviewing antivirus logs. Healthcare organizations should always follow basic security best practices to mitigate risk, such as requiring administrator credentials to install software and having a comprehensive incident response plan.