US and UK warn of attacks from Iranian ‘MuddyWater’ hacking group

February 24, 2022 – Published on SiliconANGLE

The U.S. and U.K. governments today issued a joint cybersecurity advisory warning that an Iranian advanced persistent threat group is conducting cyber espionage and other malicious cyber operations.

The group, known as “MuddyWater” and part of Iran’s Ministry of Intelligence and Security, has been targeting a range of government and private sector organizations in Asia, Africa, Europe and North America. Organizations targeted include those in telecommunications, defense, local government and oil and natural gas.

MuddyWater is also known as Earth Vetala, MERCURY, Static Kitten, Seedworm and TEMP.Zagros. The advanced persistent threat or APT group dates back to 2018 and undertakes broad cyber campaigns supporting Iranian government objectives.

The group exploits publicly reported vulnerabilities and uses open-source tools and strategies to gain access to sensitive data on targeted systems and deploy ransomware.

“While MuddyWater has been around for a while, the new tactics, techniques and procedures uncovered in this CISA Alert are interesting and in line with other actors we’ve seen from Iran,” Drew Schmitt, principal threat intelligence analyst at cybersecurity consulting company GuidePoint Security LLC, told SiliconANGLE. “The severity of this isn’t probably that high, but timing is interesting with the Ukraine cyberattacks and conflict playing out in parallel.”

Schmitt said Iran could be stepping up operations, though he said the rationale is uncertain. “Interestingly, the CISA alert does not seem to say whether this is a trend seen over a period of time or something quite new,” he added.
