US links MuddyWater hacking group to Iranian intelligence agency

US Cyber Command (USCYBERCOM) has officially linked the Iranian-backed MuddyWater hacking group to Iran’s Ministry of Intelligence and Security (MOIS).

MOIS is the Iran government’s leading intelligence agency, tasked with coordinating the country’s intelligence and counterintelligence, as well as covert actions supporting the Islamic regime’s goals beyond Iran’s borders.

“These actors, known as MuddyWater in industry, are part of groups conducting Iranian intelligence activities, and have been seen using a variety of techniques to maintain access to victim networks,” USCYBERCOM said today.

“MuddyWater is an Iranian threat group; previously, industry has reported that MuddyWater has primarily targeted Middle Eastern nations, and has also targeted European and North American nations. MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).”

The cyber-espionage group (aka SeedWorm and TEMP.Zagros) was first spotted in 2017 and is known for mainly targeting Middle Eastern entities and continuously upgrading its arsenal.

Although relatively new, the Iranian-sponsored APT group is highly active, and it targets the telecommunications, government (IT services), and oil industry sectors.

MuddyWater has also been observed expanding its attacks to government and defense entities in Central and Southwest Asia, as well as numerous privately held and public organizations in North America, Europe, and Asia.


In collaboration with the FBI, USCYBERCOM’s Cyber National Mission Force (CNMF) has also shared multiple malware samples used by the Iranian hacking group’s operators in espionage and malicious activity.

The samples include multiple variants of PowGoop, a DLL loader designed to decrypt and run a PowerShell-based malware downloader.

Also shared today on VirusTotal were JavaScript samples deployed on devices compromised with the PowGoop loader, along with a sample of the Mori backdoor, which communicates over DNS tunneling and has been used in espionage campaigns.

“If you see a combination of these tools, Iranian MOIS actor MuddyWater may be in your network. MuddyWater has been seen using a variety of techniques to maintain access to victim networks,” the US military command added.

“These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions.”
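The two techniques named in that statement, obfuscated PowerShell and DNS tunneling, both leave traces in ordinary telemetry (process command lines and DNS query logs). The script below is an added illustration of how a defender might triage such logs; it is not code from USCYCOM, the FBI, or the article, and it does not detect PowGoop or Mori specifically. The log lines are constructed, and the length and entropy thresholds are assumptions a team would tune against its own baseline.

```python
"""Triage heuristics for obfuscated PowerShell launches and DNS queries shaped
like tunnelled data. All sample telemetry below is constructed for this example."""
import base64
import math
import re
from collections import Counter

# Constructed DNS query log: two benign names, two with long random-looking labels.
SAMPLE_DNS_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "4a6f686e20536d697468.a1b2c3d4e5f6a7b8.tunnel-demo.example",
    "zx9q2lmk4pnv7rty3wqa.0f8e7d6c5b4a3920.tunnel-demo.example",
    "cdn.assets.example.net",
]

# Constructed process command lines: one scripted backup, one hidden encoded launch, one unrelated.
SAMPLE_PROCESS_CMDLINES = [
    "powershell.exe -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1",
    "powershell.exe -NoP -W Hidden -EncodedCommand "
    + base64.b64encode("Write-Host hi".encode("utf-16le")).decode(),
    "notepad.exe C:\\Users\\user\\notes.txt",
]


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded or random data scores higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


# Assumed thresholds: a single label this long and this random is rare in normal traffic.
MIN_LABEL_LEN = 16
MIN_LABEL_ENTROPY = 3.0


def dns_query_is_suspicious(qname: str) -> bool:
    """Flag a name whose longest label looks like encoded data."""
    longest = max(qname.rstrip(".").split("."), key=len)
    return len(longest) >= MIN_LABEL_LEN and shannon_entropy(longest) >= MIN_LABEL_ENTROPY


def flag_dns_queries(qnames):
    return [q for q in qnames if dns_query_is_suspicious(q)]


# -EncodedCommand and its common abbreviations (-e, -ec, -en, -enc); other
# unambiguous PowerShell prefixes exist but are not covered here.
ENCODED_RE = re.compile(r"-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
HIDDEN_RE = re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)
NOPROFILE_RE = re.compile(r"-nop(?:rofile)?\b", re.I)


def analyze_powershell(cmdline: str) -> dict:
    """Indicators found in one command line, plus the decoded payload if any."""
    result = {
        "encoded": False,
        "hidden": bool(HIDDEN_RE.search(cmdline)),
        "noprofile": bool(NOPROFILE_RE.search(cmdline)),
        "decoded": None,
    }
    if "powershell" not in cmdline.lower():
        return result
    m = ENCODED_RE.search(cmdline)
    if m:
        result["encoded"] = True
        try:
            # -EncodedCommand carries base64 of a UTF-16LE string; decode for review.
            result["decoded"] = base64.b64decode(m.group(1)).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            result["decoded"] = None
    return result


def triage(cmdlines, qnames):
    """Return (source, item, decoded_payload) tuples worth an analyst's attention."""
    findings = []
    for c in cmdlines:
        r = analyze_powershell(c)
        if r["encoded"] or (r["hidden"] and r["noprofile"]):
            findings.append(("powershell", c, r["decoded"]))
    for q in flag_dns_queries(qnames):
        findings.append(("dns", q, None))
    return findings


if __name__ == "__main__":
    for source, item, decoded in triage(SAMPLE_PROCESS_CMDLINES, SAMPLE_DNS_QUERIES):
        print(f"[{source}] {item}" + (f"  -> {decoded!r}" if decoded else ""))
```

Neither heuristic is proof on its own: backup jobs use `-ExecutionPolicy Bypass`, and some CDNs and anti-spam services legitimately emit long hashed labels, so the output is a triage queue rather than an alert. The combination the statement points to (hidden, profile-less, encoded launches on the same host that is emitting long random DNS labels) is what deserves a closer look.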
