Iran's Pioneer Kitten hits US networks via buggy Check Point, Palo Alto gear
Iranian government-backed cybercriminals have been hacking into US and foreign networks as recently as this month to steal sensitive data and deploy ransomware, and they're breaking in via vulnerable VPN and firewall devices from Check Point, Citrix, Palo Alto Networks and other manufacturers, according to Uncle Sam.
In a joint security advisory issued today, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Defense Cyber Crime Center (DC3) warned network defenders that Pioneer Kitten continues to exploit American schools, banks, hospitals, defense-sector orgs, and government agencies, along with targets in Israel, Azerbaijan, and the United Arab Emirates.
These attacks include network intrusions to steal sensitive technical data from US defense contractors, along with Israel- and Azerbaijan-based organizations, in support of the Iranian government, we're told.
Most of the attacks against American targets, however, are financially motivated and not state-sanctioned, according to the FBI and friends.
