Iranian hackers emerge as cyberthreat to health care computer networks
‘Charming Kitten’ believed to be a front for Islamic Revolutionary Guard Corps, according to HHS’ cybersecurity agency.
Hackers from Iran could pose the next threat to physician and hospital computer networks.
“Iranian Threat Actors & Healthcare” is the latest
Iran is historically a “risk-averse actor,” but online attacks provide “a means to exploit enemy vulnerabilities while minimizing the risk of escalation/retaliation,” according to HC3. Iranian hackers have engaged in website defacement, spear phishing, distributed denial-of-service attacks, theft of personally identifiable information, installation of malware, and social media-driven operations.
In 2021, Iran also signed cooperation agreements that focus on cybersecurity and information and communication technology with Russia, and established a 25-year economic and defense collaboration with China, according to HC3. The countries share some common goals, including greater censorship.
Strategies for security
To avoid cyberattacks, HC3 recommended measures such as:
- User training on spotting and reporting phishing attacks and social engineering that makes phony emails appear credible.
- Review computer network vulnerabilities and install security patches.
- Segment networks to restrict lateral movements by threat actors.
- Maintain offline backups of data and regularly test backup and restoration.
- Ensure backup data is encrypted, unchangeable, and covers the organization’s entire data infrastructure.
- Use strong passwords and multifactor authentication.
- Require administrator credentials to install software.
Not-so-Charming Kitten
The threat actor “Charming Kitten” is associated with the Islamic Revolutionary Guard Corps (IRGC), according to HC3. That group formed “as an ideological custodian of Iran’s 1979 revolution.” In April 2019, President Donald J. Trump designated it a
Charming Kitten, also known as TA453, Cobalt Illusion, Magic Hound, ITG18, Phosphorus, Newscaster, or APT35, has targeted medical researchers, dissidents, diplomats, human rights activists, media, government, military, energy, and telecommunications operations.
The group has used spear phishing, or targeted phony emails that attempt to fool receivers into revealing confidential information. Other tactics include leveraging fake personas and social media platforms to interact with targets and impersonating popular online sites to harvest user credentials, according to HC3, which listed at least eight other hacking handles, including six that use “kitten” in the name.
The IRGC also was the subject of a multinational
Hack attacks
In the United States, Iranian hackers are associated with a thwarted cyberattack on a children’s hospital and a Facebook campaign targeting Americans and Europeans. In that campaign, hackers pretended to work in hospitality, medicine, journalism, nongovernmental organizations, and at airlines, according to HC3.
Things were worse for the government of Albania. That country has the headquarters of the
The Albanian government faced a two-phase cyberattack that started about 14 months before July 18, 2022, when the “government published a statement announcing that it had to ‘temporarily close access to online public services and other government websites’ due to disruptive cyber activity,” according to HC3.
This article originally appeared on Medical Economics®.