Recent reports reveal a complex and contentious cyber conflict involving Iran. On one side, Iran faces allegations of orchestrating ransomware attacks on various U.S. federal facilities through a group known as Fox Kitten. On the other, it has been reported that the Iranian government may have paid millions to a different hacking group to prevent the release of sensitive banking data on the dark web.
The hacking group IRLeaks, notorious for targeting Iranian entities for financial gain, reportedly demanded a ransom of $10 million in cryptocurrency to prevent the release of stolen information from approximately 20 domestic banks. As the threat of destabilizing Iran’s financial system loomed large, the Iranian government was able to negotiate the ransom down to $3 million. This payment was made to halt the data leaks and secure the sensitive information from further exposure.
Some speculated that IRLeaks might have connections to the United States and suggested their actions were intended to create psychological fear among Iranian citizens. However, this claim has been firmly denied by the Biden administration, which dismissed it as unfounded.
Instead, the Biden administration has accused Iran of deploying malware via Advanced Persistent Threat (APT) groups to disrupt critical infrastructure and influence the 2024 U.S. elections in favor of former President Donald Trump. The situation has led to an ongoing blame game between the United States, Israel, and Iran, with alleged support from hackers in Moscow and Beijing.
In response to these threats, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI recently issued a joint advisory warning U.S. and Israeli businesses about Fox Kitten, also known as Rubidium. The advisory revealed that this group, backed by state actors, is engaged in activities beyond espionage, including data wiping and malware distribution. Evidence also suggests that Fox Kitten has been targeting companies across various countries, including Azerbaijan, Australia, Finland, Ireland, France, Germany, Algeria, Turkey, India, and Canada.