Iran-linked hackers target second U.S. medical institution, researchers say

Illustration: Aïda Amer/Axios
Iranian government-linked hackers hit a U.S. medical institution with ransomware in late February, right around when the war in Iran began, according to research released Tuesday.
Why it matters: This is the second known attack on an American health care organization since tensions between the U.S., Israel and Iran began this year.
Zoom in: Pay2Key, a ransomware gang that's been operating since 2020, appears to have used a compromised administrator's account to gain access to the organization.
- Once inside, the hackers waited several days before deploying the malware, which took only three hours to deploy and encrypt the files in the environment.
- Incident responders at Beazley Security responded to the attack in late February and called in researchers at Halcyon to help study the malware.
Yes, but: No data was actually exfiltrated during this attack and the gang didn't make a ransom demand, according to the report.
The big picture: The Iranian government is known to use its own cyber capabilities, including those belonging to unofficial proxy groups, as a means of retaliating against kinetic warfare.
Driving the news: Last week, the FBI accused Iranian intelligence of running a pro-Iran hacktivist group that targeted U.S. medical device company Stryker.
- The FBI also warned on Friday that Iran-linked hackers were using Telegram to push malware against dissidents, journalists and other opposition groups.
What to watch: President Trump and Iranian leaders have continued to threaten attacks on each other's infrastructure amid reports of potential peace talks.
