CISA, FBI, and the Department of Defense Cyber Crime Center (DC3) have published a joint Cybersecurity Advisory (CSA) highlighting ongoing ransomware attacks by Iran-based cyber actors targeting U.S. and international organizations, including those in education, finance, healthcare, defense, and local government. These actors, associated with the Iranian government, use their access to collaborate with ransomware affiliates to deploy ransomware and steal sensitive data. The advisory details their tactics, techniques, and procedures (TTPs) and provides updates from a previous advisory on the exploitation of virtual private network (VPN) vulnerabilities. Known under various names such as Pioneer Kitten and Br0k3r, this group also engages in computer network exploitation to support Iranian state interests, conducting operations like the 2020 Pay2Key hack-and-leak campaign aimed at undermining Israeli infrastructure. For more information, please visit Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations.