US Cyber Command attributed MuddyWater activity to the Iranian Ministry of Intelligence


The US Cyber Command has disclosed multiple open-source tools used by Iranian intelligence actors.

MuddyWater is commonly considered an Iranian state-sponsored threat actor, but no further granularity has previously been available, Sentinel Labs said in a blog post. As of January 12th, MuddyWatter activity has been attributed to the Iranian Ministry of Intelligence (MOIS).

According to the Congressional Research Service, the MOIS "conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran's embassies."

ADVERTISEMENT

The US Cyber Command's Cyber National Mission Force has identified and disclosed multiple open-source tools that Iranian intelligence actors are using in networks worldwide.

MuddyWatter has primarily targeted Middle Eastern, European, and North American nations.

The US Cyber Command has described technical aspects of how the threat actor could be leveraging malware in networks. Should a network operator identify multiple tools on the same network, it may indicate the presence of Iranian malicious cyber actors.

"These include side-loading DLLs to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions. New samples showing the different parts of this suite of tools are posted to Virus Total, along with JavaScript files used to establish connections back to malicious infrastructure," it said.


More from CyberNews:

Hackers steal $18.7 million from Animoca Brands' sports NFT platform

KCodes NetUSB vulnerability: millions of routers exposed to RCE attacks

Privacy in the metaverse: dead on arrival?

Nervos integrates with Pastel Network to protect from NFT scams and hacks

Novel scam employs QR codes and crypto ATMs

Subscribe to our newsletter

ADVERTISEMENT