US cyber official announces identification of several malware tools used by Iran's Ministry of Intelligence

The United States Cyber Command announced on Wednesday, January 12, the identification and disclosure of several open-source malware tools used by Iranian intelligence forces in networks around the world.
According to a statement released by the US Cyber Command, “these actors, known as Muddywater, are part of groups that conduct intelligence activities for the Islamic Republic” and use a variety of techniques to maintain access to their victims’ networks.
This is the first time that the United States government has openly attributed the activities of "Muddywater" to the Ministry of Intelligence of the Islamic Republic of Iran.
Chris Inglis, the National Cyber Director and Senior Advisor to the President of the United States for Cyber Policy and Strategy, tweeted praise for the success of the National Cyber Task Force teams in disrupting hostile activities by exposing tactics, techniques, and procedures.
According to him, the collaboration between the FBI and the US Cyber Command in exposing Iran's cyber campaigns is a perfect example of how Americans are stronger when united.
"Muddywater" is an Iranian threat actor that, according to previous reports, has targeted governments in the Middle East, Europe, and North America.
The group is a subsidiary of the Islamic Republic’s Ministry of Intelligence, according to a statement from the U.S. Cyber Command. The statement went on to cite an investigative report submitted to Congress that found that the Islamic Republic’s Ministry of Intelligence “conducts domestic surveillance to identify regime opponents. [The ministry] also monitors anti-regime activists abroad through its networks of agents in Iranian embassies.”
The statement closes by introducing several aspects of how the threat actor uses malware on networks.
Source: Voice of America




