Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
ID: f3cb6a8b-bd4d-50d1-8fc1-3283a02fa6dc
STIX ID: report--f3cb6a8b-bd4d-50d1-8fc1-3283a02fa6dc
Feed Name: CISA Cybersecurity Advisories
The FBI, CISA, and DC3 released a joint advisory describing an Iran-linked cyber actor (Pioneer Kitten / Fox Kitten / xplfinder / Br0k3r). The actor exploits unpatched VPNs, firewalls, and networking appliances (multiple CVEs) to deploy webshells and backdoors, steal sensitive data for state-directed objectives, and monetize access by collaborating with ransomware affiliates. The advisory provides mapped MITRE ATT&CK TTPs, IOCs (IPs, domains, bitcoin addresses, TOX identifiers), and detailed mitigations and reporting guidance.
