September 30, 2022

Robotic Notes

US and UK warn of attacks from Iranian ‘MuddyWater’ hacking group

The US and UK governments today issued a joint cybersecurity advisory warning that an Iranian advanced persistent threat group is conducting cyber espionage and other malicious cyber operations.

The group, known as “MuddyWater” and part of Iran’s Ministry of Intelligence and Security, has been targeting a range of government and private sector organizations in Asia, Africa, Europe and North America. Targeted organizations include those in telecommunications, defense, local government and oil and natural gas.

MuddyWater is also known as Earth Vetala, MERCURY, Static Kitten, Seedworm and TEMP.Zagros. The advanced persistent threat or APT group dates back to 2018 and undertakes broad cyber campaigns supporting Iranian government objectives.

The group exploits publicly reported vulnerabilities and uses open-source tools and techniques to gain access to sensitive data on targeted systems and to deploy ransomware.

Having exploited vulnerabilities, MuddyWater primarily deploys new variants of PowGoop malware as its main loader in malicious operations. PowGoop consists of a dynamic link library (DLL) loader and a PowerShell-based downloader, and masquerades as a legitimate, signed Google Update executable.

The joint advisory was issued by the US Federal Bureau of Investigation, the Department of Homeland Security’s Cybersecurity and Infrastructure Agency, the US Cyber Command Cyber National Mission Force and the UK National Cyber Security Center.

“Iranian government-sponsored actors are consistently targeting government and commercial networks through multiple means, including exploiting known vulnerabilities and spear phishing,” a CISA spokesperson said. “We are committed to identifying nation-state threats to our critical infrastructure and helping organizations reduce their cyber risk.”

Iranian state-sponsored hacking campaigns were last in the news in January when another group, known as APT 35, Phosphorus and Charming Kitten, was found to be actively exploiting vulnerabilities in Apache Log4j.

“While MuddyWater has been around for a while, the new tactics, techniques and procedures uncovered in this CISA Alert are interesting and in line with other actors we’ve seen from Iran,” Drew Schmitt, principal threat intelligence analyst at cybersecurity consulting company GuidePoint Security LLC, told SiliconANGLE. “The severity of this isn’t probably that high, but timing is interesting with the Ukraine cyberattacks and conflict playing out in parallel.”

Schmitt said Iran could be stepping up operations, although he said the rationale is uncertain. “Interestingly, the CISA alert does not seem to say whether this is a trend seen over a period of time or something quite new,” he added.
