The Cyber Security News
US Cyber Command Links ‘MuddyWater’ Hacking Group to Iranian Intelligence

January 13, 2022

The U.S. Cyber Command (USCYBERCOM) on Wednesday formally confirmed MuddyWater's ties to the Iranian intelligence apparatus, while also detailing the various tools and techniques the espionage actor uses to burrow into victim networks.

"MuddyWater has been observed using a wide variety of techniques to maintain access to target networks," USCYBERCOM's Cyber National Mission Force (CNMF) said in a statement. "These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions."

The agency characterized the hacking operations as a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS), corroborating earlier reports about the nation-state actor's provenance.

Also tracked under the monikers Static Kitten, Seedworm, Mercury and TEMP.Zagros, MuddyWater is known for attacks primarily directed against a wide range of entities in the government, academia, cryptocurrency, telecommunications, and oil sectors in the Middle East. The group is believed to have been active since at least 2017.

Recent intrusions mounted by the adversary have involved exploiting the ZeroLogon (CVE-2020-1472) vulnerability as well as leveraging remote desktop management tools such as ScreenConnect and Remote Utilities to deploy custom backdoors that could enable the attackers to gain unauthorized access to sensitive data.

Last month, Symantec's Threat Hunter Team publicized findings about a new wave of hacking activity unleashed by the MuddyWater group against a string of telecom operators and IT companies across the Middle East and Asia during the previous six months, using a combination of legitimate tools, publicly available malware, and living-off-the-land (LotL) techniques.

Also incorporated into its toolset is a backdoor named Mori and a piece of malware called PowGoop, a DLL loader designed to decrypt and run a PowerShell-based script that establishes network communications with a remote server.

Malware samples attributed to the advanced persistent threat (APT) have been made available on the VirusTotal malware aggregation repository.

"Analysis of MuddyWater activity suggests the group continues to evolve and adapt their techniques," SentinelOne researcher Amitai Ben Shushan Ehrlich said. "While still relying on publicly available offensive security tools, the group has been refining its custom toolset and utilizing new techniques to avoid detection."

Some parts of this article are sourced from: thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.