Iranian-linked hackers are behind cyber espionage aimed at a number of sectors, including defense, local government, oil and gas, and worldwide communications networks, according to U.S. and UK government agencies. The U.S. has issued similar warnings since 2018, noting that the hacker group’s activity had been observed in Africa, Asia, Europe, and North America.
These agencies claim that the MuddyWater group is providing stolen information to the Iranian government as well as sharing it with other malicious cyber groups. MuddyWater has a history of espionage accusations, primarily involving Middle Eastern targets but also elsewhere: just recently, the United States warned that the group was involved in the Russian invasion of Ukraine, an issue evidently of concern to the group.
According to CISA, Iran-funded groups have been consistently attacking government and commercial networks through a variety of methods, including exploiting known vulnerabilities and repeated spear-phishing attempts. According to cyberscoop.com, although the Iranian hacker group has existed since at least 2017, recent years have shown that it has incorporated legitimate tools into its regular operations, including software better known for its non-malicious uses.
An important feature of the MuddyWater group, however, is its awareness of and responsiveness to public statements. This was evident in a case where security researchers discovered a typo in the group’s malware and posted the mistake on Twitter. Within a short time the typo was fixed, demonstrating the attackers’ alertness. The question now is whether they will respond to this public statement and start over from scratch, or continue unabated.