This report details the cyber attacks of two Iran-affiliated cyberterrorist groups, Pioneer Kitten and UNC757, against multiple U.S. industries and federal agencies, including the healthcare sector, financial sector, information technology sector, and more. Specifically, these groups have been exploiting vulnerabilities in various VPNs in order to gain access to targeted networks. Upon gaining access, these groups are able to maintain their foothold within the networks for multiple months and steal data from their targets. Not only do the two groups seem to be acting on behalf of the Iranian government, but they also seem to be using these vulnerabilities for their own monetary benefit by selling access to these networks on online forums. The rest of the report details the technical specifics of the attacks that they use. CISA advises the public to keep their software updated in order to protect themselves against these attacks.
Author:
Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI)