Security News > 2022 > February > Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks
2022-02-25 23:01

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat group in attacks targeting government and commercial networks worldwide.

"MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said.

MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.

A follow-on investigation by Cisco Talos late last month also uncovered a previously undocumented malware campaign aimed at Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor.

"Additionally, the group uses multiple malware sets - including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS - for loading malware, backdoor access, persistence, and exfiltration," FBI, CISA, CNMF, and NCSC said.

Other key pieces of malware are Canopy, a Windows Script File used to collect and transmit system metadata to an adversary-controlled IP address, and two backdoors called Mori and POWERSTATS that are used to run commands received from the C2 and maintain persistent access.


News URL

https://thehackernews.com/2022/02/irans-muddywater-hacker-group-using-new.html