Security News > 2022 > February > Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat group in attacks targeting government and commercial networks worldwide.
"MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said.
MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.
A follow-on investigation by Cisco Talos late last month also uncovered a previously undocumented malware campaign aimed at Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor.
"Additionally, the group uses multiple malware sets - including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS - for loading malware, backdoor access, persistence, and exfiltration," FBI, CISA, CNMF, and NCSC said.
Other key pieces of malware are Canopy, a Windows Script File used to collect and transmit system metadata to an adversary-controlled IP address, and two backdoors called Mori and POWERSTATS that are used to run commands received from the C2 and maintain persistent access.
News URL
https://thehackernews.com/2022/02/irans-muddywater-hacker-group-using-new.html
Related news
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (source)