Since the original warning, ransomware gangs (ransomware is malicious software that locks up computer systems and demands payment) have escalated attacks on critical infrastructure, with the Medusa gang claiming responsibility for breaching the University of Mississippi Medical Center and a New Jersey county government. A former FBI official has now proposed designating ransomware hackers as terrorists, signaling a major shift in how the government plans to prosecute these crimes. Additionally, concerns have emerged that a government shutdown could further weaken hospital cybersecurity defenses during these ongoing attacks.
Federal agencies including the NSA, CISA, and FBI have now identified specific threat actors behind the attacks, including Iranian cyber actors targeting vulnerable U.S. networks and Russian intelligence groups focusing on messaging apps. The FBI and CISA have also highlighted a separate threat called Scattered Spider, which uses evolving tactics to compromise security systems.
The FBI, NSA (National Security Agency, which protects U.S. computer networks), and CISA (Cybersecurity and Infrastructure Security Agency) just issued urgent warnings: hackers from Iran and Russia are actively hunting people through their phones and texting apps.
Here's what's happening. Criminal gangs called threat actors (hackers working for themselves or governments) are using two main attack strategies. First, they're breaking into vulnerable smartphones to steal personal data—passwords, photos, banking information. Second, they're targeting popular messaging apps like WhatsApp and Signal, pretending to be your friends or colleagues to trick you into clicking malicious links (a technique called social engineering, which means manipulating people into making security mistakes).
Think of it like a thief who studies which houses have weak locks, then creates fake mail to get you to open your door.
One specific group, Scattered Spider, is escalating its tactics. These hackers trick employees at companies into giving up credentials (usernames and passwords), then use that access to steal money and sensitive files. They often target messaging apps because people trust them more than email.
Three things you should do today:
1. Enable two-factor authentication on all accounts—this adds a second security step beyond your password. Your bank or email will ask for a code from your phone before letting anyone log in.
2. Never click links from unknown senders, even if they seem to come from friends. Hackers copy phone numbers and names. Call the person directly instead.
3. Update your phone's software immediately. Patches (security fixes) close holes hackers use to break in.
These aren't hypothetical threats. Real Americans are losing access to their accounts and money right now. The agencies warn that no person or company is too small to target. [Source: NSA, CISA, FBI]