US Cyber Command Announces Discovery of Malware Used by Iran’s Intelligence Ministry

The United States Cyber Command announced on Wednesday, December 22, the identification and disclosure of several open-source malware tools used by Iranian intelligence forces across networks worldwide.

According to a statement released by US Cyber Command, “these actors, known as MuddyWater, are part of groups carrying out intelligence activities for the Islamic Republic,” and employ various techniques to maintain access to their victims’ networks.

This is the first time the US government has openly attributed MuddyWater activities to Iran’s Ministry of Intelligence.

Chris Inglis, the National Cyber Director and Senior Advisor to the US President on Cyber Policy and Strategy, praised the success of the National Cyber Mission Force teams in disrupting hostile activities by exposing tactics, techniques, and procedures in a tweet.

According to him, cooperation between the FBI and US Cyber Command in exposing Iran’s cyber campaigns is a perfect example of how Americans are stronger when united.

MuddyWater is an Iranian threat actor that, according to previous reports, has targeted governments in the Middle East, Europe, and North America.

According to the US Cyber Command statement, this group is a subset of the Islamic Republic’s Ministry of Intelligence. The statement further references an investigative report submitted to Congress, which states that the Islamic Republic’s Ministry of Intelligence “conducts domestic surveillance to identify regime opponents. [This ministry] also monitors anti-regime activists abroad through networks of its agents in Iranian embassies.”

At the end of the statement, several aspects of how the threat actor uses malware in networks are presented.

Source: Voice of America