The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Defense Cyber Crime Center (DC3) issued a joint alert on August 28, 2024, warning U.S.-based organizations that cyber actors, “known in the private sector as Pioneer Kitten, UNC757, Parisite, Rubidium, and Lemon Sandstorm,” are targeting and exploiting U.S. organizations “across multiple sectors.” Those sectors include “education, finance, healthcare, and defense sectors as well as local government entities.”

The FBI has assessed that these cyber actors are “connected with the Government of Iran (GOI) and linked to an Iranian information technology (IT) company. Their malicious cyber operations are aimed at deploying ransomware attacks to obtain and develop network access. These operations aid malicious cyber actors in further collaborating with affiliate actors to continue deploying ransomware.”

The alert outlines the tactics, techniques, and procedures used by the threat actors, along with the indicators of compromise, and recommends that organizations follow the mitigations it provides to defend against the activity.