Open-source tools deployed by Iranian cyber actors to monitor regime opponents have been identified.
The US Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools leveraged by Iranian intelligence across networks around the world.
Referred to as ‘MuddyWater’ — a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS) — the actors primarily target Middle Eastern nations, but have more recently sought to undermine European and North American networks.
According to the Congressional Research Service, the MOIS conducts domestic surveillance to identify regime opponents and surveil anti-regime activists abroad through a network of agents placed in Iran’s embassies.
The US Cyber Command has warned that the presence of multiple open-source tools on the same network could indicate the presence of Iranian malicious cyber actors.
Specifically, methods employed by the state-sponsored actors include side-loading DLLs to trick legitimate programs into running malware, and obfuscating PowerShell scripts to hide command and control functions.
Samples of the suite of tools and JavaScript files used by the malicious cyber actors are being posted to the malware analysis site VirusTotal.
This latest announcement from US Cyber Command comes just months after multinational cyber agencies observed an Iranian government-sponsored APT group exploiting Microsoft Exchange vulnerabilities to undermine critical infrastructure.
Iranian government-sponsored APT actors have actively targeted a broad range of victims across both the public and private sector from within the US and in partner nations, including Australia.
The joint cyber security advisory followed a joint investigation among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).