US links hacking group MuddyWater with Iranian intelligence agency

The US Cyber Command (USCYBERCOM) has officially linked the Iranian-backed MuddyWater hacking group to the Iranian Ministry of Intelligence and Security (MOIS).

MOIS is the Iranian government’s primary intelligence agency, tasked with coordinating the country’s intelligence and counterintelligence, as well as covert actions supporting the goals of the Islamic regime beyond Iran’s borders.

“These actors, known as MuddyWater in the industry, are part of groups carrying out Iranian intelligence activities and have been seen using various techniques to maintain access to victim networks,” USCYBERCOM said today.

“MuddyWater is an Iranian threat group; previously, the industry reported that MuddyWater primarily targets Middle Eastern countries, as well as European and North American countries. MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (VEVAK).”

The cyber espionage group (aka SeedWorm and TEMP.Zagros) was first spotted in 2017 and is known to primarily target Middle Eastern entities and continually improve its arsenal.

Although relatively new, the Iran-sponsored APT group is very active and targets the telecommunications, government (IT services) and petroleum industry sectors.

MuddyWater has also been observed expanding its attacks to government and defense entities in Central and Southwest Asia, as well as numerous private and public organizations in North America, Europe and Asia.

In collaboration with the FBI, the Cyber National Mission Force (CNMF) of USCYBERCOM has also shared several malware samples used by Iranian hacking group operators for espionage and malicious activity.

Examples include several variations of PowGoop, a DLL loader designed to decrypt and run a PowerShell-based malware downloader.

JavaScript samples deployed to compromised devices using the PowGoop loader and a Mori backdoor sample with DNS tunneling communication capabilities used in spy campaigns were also shared today on VirusTotal.

“If you see a combination of these tools, Iranian actor MOIS MuddyWater may be in your network. MuddyWater has been seen using various techniques to maintain access to victim networks,” the US military command added.

“These include sideloaded DLLs to trick legitimate programs into running malware and hidden PowerShell scripts to hide command and control functions.”
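A defender-side heuristic for the DNS tunneling behaviour the article attributes to the Mori backdoor, added here as an example that is not from the original article and not derived from any of the shared samples: it scores DNS query log lines and flags domains that receive many long, high-entropy leftmost labels, the typical footprint of data being smuggled through DNS queries. The log format, the thresholds and the update-cdn.test domain are assumptions, and the sample log is constructed.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not real telemetry), one query per line:
# "<timestamp> <client-ip> <qname> <qtype>".  The update-cdn.test queries mimic
# a tunnelling client that encodes data in long, high-entropy leftmost labels.
SAMPLE_LOG = """\
2022-01-12T10:00:01Z 10.0.0.5 www.example.com A
2022-01-12T10:00:02Z 10.0.0.5 4f2a9c1e7b3d8a6f0c2e5b1d9a7c3e8f.update-cdn.test A
2022-01-12T10:00:03Z 10.0.0.5 a1b2c3d4e5f60718293a4b5c6d7e8f90.update-cdn.test TXT
2022-01-12T10:00:04Z 10.0.0.5 0fedcba987654321aabbccddeeff0011.update-cdn.test A
2022-01-12T10:00:05Z 10.0.0.5 deadbeefcafef00d1234567890abcdef.update-cdn.test A
2022-01-12T10:00:06Z 10.0.0.7 mail.example.com MX
2022-01-12T10:00:07Z 10.0.0.7 cdn.example.com A
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (leftmost_label, registered_domain).  Simplification (assumption): the
    registered domain is taken as the last two labels, with no public-suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return labels[0], ".".join(labels[-2:])


def score_dns_log(text: str, min_len: int = 24, min_entropy: float = 3.5, min_unique: int = 3):
    """Flag domains that receive >= min_unique distinct long, high-entropy leftmost labels.
    Returns {registered_domain: sorted list of the suspicious labels}."""
    seen = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash
        label, domain = split_qname(fields[2])
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            seen[domain].add(label)
    return {d: sorted(v) for d, v in seen.items() if len(v) >= min_unique}


if __name__ == "__main__":
    for domain, labels in score_dns_log(SAMPLE_LOG).items():
        print(f"{domain}: {len(labels)} high-entropy labels, e.g. {labels[0]}")
```

Legitimate CDN and anti-spam services also produce long hashed labels, so treat a hit as a lead to enrich with process and endpoint telemetry rather than as an alert on its own.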
