Iranian-backed hackers compromise federal government network to mine cryptocurrency

Hackers backed by Iran originally compromised the network in February

Hackers backed by the Iranian regime broke into the network of a U.S. federal government agency and used that access to install cryptocurrency mining software, the Cybersecurity and Infrastructure Security Agency (CISA) said in an alert on Wednesday. 

Officials first noticed evidence of advanced persistent threat (APT) activity on the agency's network in April of this year and determined that it had been compromised since at least February. 

The hackers exploited a vulnerability to install XMRig crypto mining software and compromise credentials in the network. 

CISA did not identify the compromised agency, but said that it was publishing the alert to "help network defenders detect and protect against related compromises." 

The Iranian-backed hackers exploited the Log4Shell vulnerability, which was first identified last December, in an unpatched VMware Horizon server.

"CISA and FBI encourage all organizations with affected VMware systems that did not immediately apply available patches or workarounds to assume compromise and initiate threat hunting activities," CISA said Wednesday. 

Iran's Islamic Revolutionary Guard Corps frequently uses contractors in the country's private sector to orchestrate state-sponsored cyberattacks, according to CISA.  

It's unclear if the hackers installed cryptocurrency mining software to enrich themselves or at the behest of the Iranian regime, which has increasingly turned to crypto to evade sanctions in recent years.