WASHINGTON: Hackers linked to the Iranian government have been targeting a “broad range of victims” inside the United States, including by deploying ransomware, according to an advisory issued Wednesday by American, British and Australian officials.
The advisory says that in recent months, Iran has exploited computer vulnerabilities exposed by hackers before they can be fixed and targeted entities in the transportation, health care and public health sectors. The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion, according to the advisory. The group has used the same Microsoft Exchange vulnerability in Australia, officials say.
The warning is notable because even though ransomware attacks remain prevalent in the US, most of the significant ones in the past year have been attributed to Russia-based criminal hacker gangs rather than Iranian hackers.
Government officials aren’t the only ones noticing the Iranian activity: Tech giant Microsoft announced Tuesday that it had seen six different groups in Iran deploying ransomware since last year.
Microsoft said one of the groups spends significant time and energy trying to build rapport with their intended victims before targeting them with spear-phishing campaigns. The group uses fake conference invitations or interview requests and frequently masquerade as officials at think tanks in Washington, D.C., as a cover, Microsoft said.
Once rapport is built and a malicious link is sent, the Iranians are extra pushy at trying to get their victims to click on it, said James Elliott, a member of the Microsoft Threat Intelligence Center.
“These guys are the biggest pain in the rear. Every two hours they’re sending an email,” Elliott said at the Cyberwarcon cybersecurity conference Tuesday.
Earlier this year Facebook announced it had found Iranian hackers using “sophisticated fake online personas” to build trust with targets and get them to click on malicious links and often posed as recruiters of defense and aerospace companies.
Researchers at the Crowdstrike cybersecurity firm said they and competitors began seeing this type of Iranian activity last year.
The Iranian ransomware attacks, unlike those sponsored by North Korea’s government, are not designed to generate revenue so much as for espionage, to sow disinformation, to harass and embarrass foes — Israel, chief among them — and to essentially wear down their targets, Crowdstrike researchers said at the Cyberwarcon event.
“While these operations will use ransom notes and dedicated leak sites demanding hard cryptocurrency, we’re really not seeing any viable effort at actual currency generation,” Crowdstrike global threat analysis director Kate Blankenship said.
Crowdstrike considers Iran to be the trendsetter in this novel “low form” of cyberattack, which typically involves paralyzing a network with ransomware, stealing information and then leaking it online. The researchers call the method “lock and leak.” It is less visible, less costly and “provides more room for deniability,” Blankenship said.
![]()
Iran-backed hackers accused of targeting critical US sectors
Short Url
https://arab.news/bm9p7
Iran-backed hackers accused of targeting critical US sectors
- The attackers leveraged the initial hack for additional operations, such as data exfiltration, ransomware and extortion
- The group has used the same Microsoft Exchange vulnerability in Australia, officials say
Syria’s leader set to visit Berlin with deportations in focus
BERLIN: Syrian President Ahmed Al-Sharaa is expected in Berlin on Tuesday for talks, as German officials seek to step up deportations of Syrians, despite unease about continued instability in their homeland.
Sharaa is scheduled to meet his counterpart Frank-Walter Steinmeier, the German president’s office said.
Chancellor Friedrich Merz’s office has yet to announce whether he would also hold talks with Sharaa during the visit.
Since ousting Syria’s longtime leader Bashar Assad in late 2024, Sharaa has made frequent overseas trips as the former Islamist rebel chief undergoes a rapid reinvention.
He has made official visits to the United States and France, and a series of international sanctions on Syria have been lifted.
The focus of next week’s visit for the German government will be on stepping up repatriations of Syrians, a priority for Merz’s conservative-led coalition since Assad was toppled.
Roughly one million Syrians fled to Germany in recent years, many of them arriving in 2015-16 to escape the civil war.
In November Merz, who fears being outflanked by the far-right AfD party on immigration, insisted there was “no longer any reason” for Syrians who fled the war to seek asylum in Germany.
“For those who refuse to return to their country, we can of course expel them,” he said.
- ‘Dramatic situation’ -
In December, Germany carried out its first deportation of a Syrian since the civil war erupted in 2011, flying a man convicted of crimes to Damascus.
But rights groups have criticized such efforts, citing continued instability in Syria and evidence of rights abuses.
Violence between the government and minority groups has repeatedly flared in multi-confessional Syria since Sharaa came to power, including recent clashes between the army and Kurdish forces.
Several NGOs, including those representing the Kurdish and Alawite Syrian communities in Germany, have urged Berlin to axe Sharaa’s planned visit, labelling it “totally unacceptable.”
“The situation in Syria is dramatic. Civilians are being persecuted solely on the basis of their ethnic or religious affiliation,” they said in a joint statement.
“It is incomprehensible to us and legally and morally unacceptable that the German government knowingly intends to receive a person suspected of being responsible for these acts at the chancellery.”
The Kurdish Community of Germany, among the signatories of that statement, also filed a complaint with German prosecutors in November, accusing Sharaa of war crimes, genocide and crimes against humanity.
There have also been voices urging caution within government.
On a trip to Damascus in October, Foreign Minister Johann Wadephul said that the potential for Syrians to return was “very limited” since the war had destroyed much of the country’s infrastructure.
But his comments triggered a backlash from his own conservative Christian Democratic Union party.
Sharaa is scheduled to meet his counterpart Frank-Walter Steinmeier, the German president’s office said.
Chancellor Friedrich Merz’s office has yet to announce whether he would also hold talks with Sharaa during the visit.
Since ousting Syria’s longtime leader Bashar Assad in late 2024, Sharaa has made frequent overseas trips as the former Islamist rebel chief undergoes a rapid reinvention.
He has made official visits to the United States and France, and a series of international sanctions on Syria have been lifted.
The focus of next week’s visit for the German government will be on stepping up repatriations of Syrians, a priority for Merz’s conservative-led coalition since Assad was toppled.
Roughly one million Syrians fled to Germany in recent years, many of them arriving in 2015-16 to escape the civil war.
In November Merz, who fears being outflanked by the far-right AfD party on immigration, insisted there was “no longer any reason” for Syrians who fled the war to seek asylum in Germany.
“For those who refuse to return to their country, we can of course expel them,” he said.
- ‘Dramatic situation’ -
In December, Germany carried out its first deportation of a Syrian since the civil war erupted in 2011, flying a man convicted of crimes to Damascus.
But rights groups have criticized such efforts, citing continued instability in Syria and evidence of rights abuses.
Violence between the government and minority groups has repeatedly flared in multi-confessional Syria since Sharaa came to power, including recent clashes between the army and Kurdish forces.
Several NGOs, including those representing the Kurdish and Alawite Syrian communities in Germany, have urged Berlin to axe Sharaa’s planned visit, labelling it “totally unacceptable.”
“The situation in Syria is dramatic. Civilians are being persecuted solely on the basis of their ethnic or religious affiliation,” they said in a joint statement.
“It is incomprehensible to us and legally and morally unacceptable that the German government knowingly intends to receive a person suspected of being responsible for these acts at the chancellery.”
The Kurdish Community of Germany, among the signatories of that statement, also filed a complaint with German prosecutors in November, accusing Sharaa of war crimes, genocide and crimes against humanity.
There have also been voices urging caution within government.
On a trip to Damascus in October, Foreign Minister Johann Wadephul said that the potential for Syrians to return was “very limited” since the war had destroyed much of the country’s infrastructure.
But his comments triggered a backlash from his own conservative Christian Democratic Union party.
Latest updates
© 2026 SAUDI RESEARCH & PUBLISHING COMPANY, All Rights Reserved And subject to Terms of Use Agreement.