Iranian Cyberthreat to U.S. Healthcare Sector

The U.S. federal government issued a warning to its health sector about Iranian threat actors possibly staging an attack. The threat brief was issued by the Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services. It outlines possible threats, frequent tactics of the Tehran-backed hackers, and recommendations for guarding against future threats. 

U.S. Relations With Iran: Why the Hostility?

According to the U.S. Department of State, the United States hasn’t had formal diplomatic relations with Iran since April 1980. The two nations severed diplomatic ties after the Iranian takeover of the U.S. embassy on November 4, 1979. 

Since then, Switzerland acts as protecting power for U.S. citizens in Iran, while Pakistan serves as the Iranian protecting power in the United States. 

While bilateral relations between the nations have always been volatile, they experienced further deterioration during Donald Trump’s presidency. U.S. sanctions on Iran forced European organizations to sever economic engagements with Tehran. During this time, Trump also labeled Iran “a nation of terror.”

More recently, the U.S. government imposed sanctions on Iranian officials for “the continued violence against peaceful protesters and the shutdown of Iran’s Internet access.” The cyberthreats may be a possible retaliation against these recent sanctions.

Political Unrest In Iran

A wave of political unrest broke out in Iran following the killing of a young Iranian woman by the “morality police” for not wearing the “proper” Islamic hijab. The killing caused tens of thousands of enraged Iranians to take to the streets, protesting gross human rights violations and intense security crackdowns by the Iranian government.  

The protests resulted in multiple killings by Iranian security forces, and many protesters now face the death sentence under the charge of “enmity against God.”

As political turmoil continues to develop and death tolls continue to rise, the world stands by in support, hoping protestors will reach their goal of increased democracy and focus on human rights. 

Iranian Threat to Healthcare Sector

Iranian state-backed hacker groups including Pioneer Kitten, Charming Kitten, Magic Kitten, and UNC3890 lack the technological sophistication required to carry out high-impact cyberattacks. Instead, they rely heavily on social engineering tactics to trick targets into disclosing information or clicking on malicious links. 

Attacks from these groups are often risk-averse — aiming to exploit while minimizing risk. The groups use distributed denial-of-service (DDoS), wiper malware, social media operations, and spear phishing attacks to steal personally identifiable information and deface websites. 

They exploit platforms like LinkedIn and Facebook, creating credible-looking profiles to lure targets into disclosing information. 

According to Paul Prudhomm, former threat analyst at the Department of Defense, these state-sponsored groups invest heavily in the social engineering elements of attacks. They exert tremendous effort into increasing credibility of fake accounts in hopes of withstanding perusal. 

In June 2022, FBI Director Christopher Wray spoke at a conference delivered by Boston College detailing a similar attempted attack on Boston’s Children Hospital. The attack is said to have threatened services to patients and “understanding the urgency of the situation”, the Boston cybersecurity squad “raced out to notify the hospital.”

The Darkside of the “Charming Kitten”

According to HC3, the threat group “Charming Kitten” has ties with the Islamic Revolutionary Guard Corps (IRGC), a group that arose as “an ideological custodian of Iran’s 1979 revolution.” Its known targets include medical researchers, dissidents, diplomats, human rights activists, and telecommunications. 

Charming Kitten leverages fake personas on social media accounts to launch targeted phishing campaigns with healthcare-related lures such as fake job postings and research opportunities. 

It also uses watering hole attacks to compromise relevant websites, defacing them or executing “lock and leak” assaults. These cyber assaults use ransomware to freeze and subsequently leak data intended to defame the organization in question.

Security Recommendations From HC3

The threat brief by HC3 provides recommendations for mitigating threats from Iran. It includes the following suggestions for healthcare organizations and employees:

• • • • • Training employees to easily recognize social engineering tactics and phishing campaigns.
        • Implementing network segmentation to limit lateral movement of malicious threat actors.
        • Encrypting backup data to mitigate impact of possible ransomware attacks.
        • Using strong passwords and multi-factor authentication.
        • Reviewing anti-malware logs.
        • Auditing user accounts with administrative privileges.
        • Creating an incident response plan and practicing it regularly.

While it’s important for governments to look out for potential cyberattacks, internet security doesn’t stop there. Personal internet security is more important than ever and the density of threats nowadays calls for tighter personal security measures. 

Are you concerned about your internet security? If so, it’s important to take steps to safeguard it and one of most effective ways of doing so is using a trustworthy VPN. CyberGhost VPN offers military-grade VPN tunnel encryptions and abides by a strict No Logs policy. This means it doesn’t collect, store, or give out any of your data. Get CyberGhost VPN to safeguard your internet security.

Evade Threats With CyberGhost