Wednesday, July 2, 2025


Iranian Advanced Persistent Threat group caught serving as intermediary for ransomware gangs

Iranian government-sponsored hackers are facilitating ransomware attacks on behalf of cybercrime groups such as ALPHV/BlackCat, the US Cybersecurity and Infrastructure Security Agency (CISA) has warned. The group, known by various names including Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm, has been targeting US organizations since 2017, including schools, government entities, financial institutions, and healthcare facilities.

The FBI has observed Pioneer Kitten attempting to sell access to victim organizations on underground markets, with a significant portion of their activity focused on collaborating with Russian-speaking cybercrime gangs to carry out ransomware attacks. The Iranian hackers have been working closely with ransomware affiliates such as NoEscape, RansomHouse, and ALPHV/BlackCat, providing access and helping to strategize on extorting victims for ransom payments.

Pioneer Kitten’s ransomware attacks typically start by exploiting vulnerabilities in remote external services and known security flaws in popular software and appliances. Security teams are advised to prioritize patching these vulnerabilities to prevent attacks. The group’s tactics involve capturing login credentials, elevating privileges, setting up backdoors, disabling antivirus software, and establishing persistence through Windows service tasks.

Despite their activities, it is unclear whether Pioneer Kitten’s ransomware operations are officially sanctioned by the Iranian government. The group appears to primarily engage in hack-and-leak campaigns targeting regional adversaries, such as Israel, Azerbaijan, and the United Arab Emirates, rather than solely focusing on financial gain. The CISA advisory provides more technical details on Pioneer Kitten’s attack chain and tactics.