Security News > 2022 > January > US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
2022-01-13 17:35

U.S. Cyber Command has confirmed that MuddyWater - an advanced persistent threat cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that's historically targeted government victims in the Middle East - is an Iranian intelligence outfit.

On Wednesday, USCYBERCOM not only confirmed the tie; it also disclosed the plethora of open-source tools and strategies MuddyWater uses to break into target systems and released malware samples.

Among multiple malware sets, MuddyWater is using new variants of the PowGoop malware family, CNMF said.

MuddyWater Tunneling Activity: "The operators behind MuddyWater activities are very fond of tunneling tools," SentinelOne's Ehrlich wrote.

MuddyWater attackers are using tunneling tools including Chisel, SSF and Ligolo: tools that enable the threat actor to connect to machines within target environments as if they were inside the operator LAN, he explained.

The group doesn't have to be fancy to be effective, he noted: "Like many other Iranian threat actors, the group displays less sophistication and technological complexity compared to other state-sponsored APT groups. Even so, it appears MuddyWater's persistency is a key to their success, and their lack of sophistication does not appear to prevent them from achieving their goals."

News URL