The US Cyber Command has disclosed multiple open-source tools used by Iranian intelligence actors.
MuddyWater is commonly considered an Iranian state-sponsored threat actor, but no further granularity has previously been available, Sentinel Labs said in a blog post. As of January 12th, MuddyWater activity has been attributed to the Iranian Ministry of Intelligence (MOIS).
According to the Congressional Research Service, the MOIS "conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran's embassies."
The US Cyber Command's Cyber National Mission Force has identified and disclosed multiple open-source tools that Iranian intelligence actors are using in networks worldwide.
MuddyWater has primarily targeted Middle Eastern, European, and North American nations.
The US Cyber Command has described technical aspects of how the threat actor could be leveraging malware in networks. Should a network operator identify multiple tools on the same network, it may indicate the presence of Iranian malicious cyber actors.