Iranian government-backed hackers were behind an attempted hack of the Boston Children’s Hospital computer network last year, FBI Director Christopher Wray alleged Wednesday, calling it “one of the most despicable cyberattacks I’ve ever seen.”
The FBI was able to help thwart the hackers before they did damage to the hospital’s computer network, according to Wray, but he cited it as an example of the potential high-impact hacking threats that the US faces from the governments of Iran, Russia, China and North Korea.
“We cannot let up on China or Iran or criminal syndicates while we’re focused on Russia,” Wray said in a speech at Boston College.
The hack, which took place in June 2021, saw the attackers exploit popular software made by California-based firm Fortinet to control the hospital’s computer network, according to US officials.
It’s unclear what the ultimate goals of the attackers were. Boston Children’s Hospital is a more than 400-bed facility and is considered one of the premier pediatric centers in the US.
Wray had previously said in March that the Iranian government-linked hackers were behind a cyberattack on a children’s hospital, but he didn’t name the hospital.
CNN has requested comment from the hospital and from Iran’s Permanent Mission to the United Nations.
The incident was one of several that prompted a public warning last November from the FBI and other agencies that Iranian government-backed hackers were targeting a range of organizations across the transportation and health care sectors.
It was a rare case of the US government publicly linking Iran with ransomware, which is typically used by cybercriminals rather than governments. But US officials and private analysts have long warned of collusion between foreign governments and criminal hacking groups.
When it comes to potential Russian hacking threats to the US, the FBI has been on a “combat tempo,” with a 24/7 command post, during the Kremlin’s war in Ukraine, Wray added.
“We’ve seen the Russian government taking specific preparatory steps towards potential destructive [cyber]attacks, both here and abroad,” he added.
Such a “destructive” hack — in which data or systems are destroyed — hasn’t been reported in the US since Russia’s invasion of Ukraine. But suspected Russian hackers have conducted a slew of destructive hacks in Ukraine, and US officials are warning business to let their guard down.
The same network access gained by Russian operatives to collect intelligence could be used for a destructive hack, Wray warned. “That’s why, when it comes to Russia today, we’re focused on acting as early – as far ‘left of boom,’ as they say – as we can.”
“We’re watching for their cyber activities to become more destructive as the war keeps going poorly for them,” Wray said Wednesday.