Security News > 2022 > February > Iran's MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks
Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat group in attacks targeting government and commercial networks worldwide.
"MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies said.
MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.
A follow-on investigation by Cisco Talos late last month also uncovered a previously undocumented malware campaign aimed at Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor.
"Additionally, the group uses multiple malware sets - including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS - for loading malware, backdoor access, persistence, and exfiltration," FBI, CISA, CNMF, and NCSC said.
Other key pieces of malware are Canopy, a Windows Script File used to collect and transmit system metadata to an adversary-controlled IP address, and two backdoors called Mori and POWERSTATS that are used to run commands received from the C2 and maintain persistent access.
News URL
https://thehackernews.com/2022/02/irans-muddywater-hacker-group-using-new.html
Related news
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)