Western Security Services: Iranian Hacking Group ‘MuddyWater’ Behind Widespread Cyberattacks

The security services of the United States and Britain say the hacking group known as “MuddyWater” (muddy water), linked to the Islamic Republic, is behind widespread cyberattacks spanning from Asia to Africa, Europe, and North America.

Reuters reported on Thursday, the 5th of Esfand, that investigations by the U.S. Federal Bureau of Investigation, the U.S. Cybersecurity and Infrastructure Security Agency, along with other security agencies of the U.S. and Britain, show that the hacking and espionage group “MuddyWater” linked to the Islamic Republic of Iran is behind extensive and destructive attacks on telecommunications targets, defense, governments, and oil and gas sectors from Asia to Africa, Europe, and North America.

The name of this hacking group has been known to cybersecurity institutions and companies for years, and in January of this year, the U.S. Army Cyber Command for the first time accused the “Ministry of Intelligence” and the “Islamic Revolutionary Guard Corps” of using the “MuddyWater” group to hack computer networks in various parts of the world and strike against “enemies and rivals.”

Some reports indicate that Western security agencies have been monitoring this hacking group since 2017.

This is one of several hacking groups linked to the Islamic Republic that has been exposed by cybersecurity companies and agencies worldwide.

Western countries have repeatedly expressed their concerns about the destructive cyber activities of Iran, Russia, China, and North Korea.

Recently, the cybersecurity company “IBM X-Force” also introduced three major hacking groups threatening cyberspace during 2021, with “MuddyWater” being one of them.

This report described the methods used by these hacking groups as “advanced and evasive,” and stated that they use different methods to keep their activities hidden.

The U.S. Army Cyber Command released last month malicious code used by this hacking group so that companies and governments could have better preparedness for potential cyberattacks by this group.

According to the spokesman for this American agency, revealing these codes is a step to inform organizations in the United States and other parts of the world so they can protect themselves against similar future moves by Iran or other hostile actors.

The security services of the United States and Britain have not precisely stated which countries were targeted by the “MuddyWater” group’s attacks and specifically what projects and institutions were involved, but previously the name of this group was mentioned in cyberattacks from Turkey, Jordan to Israel, the United States, and Europe.

The U.S. Army Cyber Command says that the “MuddyWater” group in recent years has been engaged in efforts to gather data from telecommunications companies and other organizations throughout the Middle East.

Sarah Jones, a senior data analyst at the cybersecurity company “Mandiant,” said in this regard that Iran has deployed multiple teams for espionage, attacks, and information gathering through cyber means.

According to Ms. Jones, the Ministry of Intelligence and the Islamic Revolutionary Guard Corps use these teams to advance the objectives of the Islamic Republic of Iran in line with the Iranian regime’s confrontation with its enemies and rivals throughout the region.

According to analysts, the “MuddyWater” group is one of the key actors in Iran’s cyber espionage system.

Source: Radio Farda