Security News > 2022 > January > US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence
The U.S. Cyber Command on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks.
"MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force said in a statement.
"These include side-loading DLLs in order to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions."
Last month, Symantec's Threat Hunter Team publicized findings about a new wave of hacking activities unleashed by the Muddywater group against a string of telecom operators and IT companies throughout the Middle East and Asia during the previous six months using a blend of legitimate tools, publicly available malware, and living-off-the-land methods.
"Analysis of MuddyWater activity suggests the group continues to evolve and adapt their techniques," SentinelOne researcher Amitai Ben Shushan Ehrlich said.
"While still relying on publicly available offensive security tools, the group has been refining its custom toolset and utilizing new techniques to avoid detection."
News URL
https://thehackernews.com/2022/01/us-cyber-command-links-muddywater.html
Related news
- Iranian charged over attacks against US defense contractors, government agencies (source)
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- US govt sanctions Iranians linked to government cyberattacks (source)
- US charges Iranians with cyber snooping on government, companies (source)