Iran’s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide.

“MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” the agencies said.

The joint advisory comes courtesy of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the U.K.’s National Cyber Security Centre (NCSC).

The cyberespionage actor was outed this year as conducting malicious operations as part of Iran’s Ministry of Intelligence and Security (MOIS) targeting a wide range of government and private-sector organizations, including telecommunications, defense, local government, and oil and natural gas sectors, in Asia, Africa, Europe, and North America.

MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.

Besides exploiting publicly reported vulnerabilities, the hacking collective has been historically observed employing open-source tools to gain access to sensitive data, deploy ransomware, and achieve persistence on victim networks. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *