Security News > 2022 > February > Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks
Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat group in attacks targeting government and commercial networks worldwide.
"MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said.
MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.
A follow-on investigation by Cisco Talos late last month also uncovered a previously undocumented malware campaign aimed at Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor.
"Additionally, the group uses multiple malware sets - including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS - for loading malware, backdoor access, persistence, and exfiltration," FBI, CISA, CNMF, and NCSC said.
Other key pieces of malware are Canopy, a Windows Script File used to collect and transmit system metadata to an adversary-controlled IP address, and two backdoors called Mori and POWERSTATS that are used to run commands received from the C2 and maintain persistent access.
News URL
https://thehackernews.com/2022/02/irans-muddywater-hacker-group-using-new.html
Related news
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- NoName ransomware gang deploying RansomHub malware in recent attacks (source)
- Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack (source)
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- New RomCom malware variant 'SnipBot' spotted in data theft attacks (source)