US Cyber Command’s Cyber National Mission Force (CNMF) has identified the MuddyWater hacking group as an operation funded by the government of Iran, possibly operating under the Iranian Ministry of Intelligence and Security (MOIS).
The U.S. government has said MOIS conducts internal surveillance to identify opponents of the regime, in addition to monitoring the activity of foreign actors. In its report, US Cyber Command points out that the group is characterized by its use of the PowGoop DLL side-loader: a malicious DLL placed where a legitimate, trusted executable will load it in place of the library it expects, so the malware runs inside a benign-looking process while its command-and-control (C2) traffic is disguised.
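DLL side-loading of the kind described above leaves a characteristic trace in image-load telemetry: a library with a well-known name mapped from a directory that is not a Windows system directory, or an unsigned DLL sitting next to a signed executable that loads it. The following is an added example written for this page, not code from the article, from US Cyber Command, or from any PowGoop analysis; it runs a small detector over constructed records shaped like Sysmon Event ID 7 (ImageLoad) entries. The watch-list of DLL names, the system-directory list, and the log format (tab-separated key=value fields) are assumptions made for the illustration.

```python
"""Added example: flag DLL side-loading candidates in image-load telemetry.

Records are constructed here to resemble Sysmon Event ID 7 (ImageLoad)
fields; the file format and sample paths are assumptions, not real logs.
"""
import ntpath
from dataclasses import dataclass

# Directories from which Windows itself supplies system DLLs (assumes a
# default install on C:). A DLL with a system-library name that is loaded
# from anywhere else is the classic side-loading signal.
SYSTEM_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)

# Constructed watch-list of library names that are frequently impersonated.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wininet.dll",
                    "userenv.dll", "cryptsp.dll"}


@dataclass
class ImageLoad:
    image: str          # host process executable (Sysmon "Image")
    image_loaded: str   # DLL that was mapped (Sysmon "ImageLoaded")
    signed: bool        # whether the DLL carries a valid signature
    image_signed: bool  # whether the host executable is signed


def _norm(path: str) -> str:
    """Lower-case and use backslashes so comparisons are case-insensitive."""
    return path.replace("/", "\\").lower()


def is_system_path(path: str) -> bool:
    return _norm(path).startswith(SYSTEM_DIRS)


def parse_line(line: str) -> ImageLoad:
    """Parse one constructed tab-separated key=value record."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("\t"))
    return ImageLoad(
        image=fields["Image"],
        image_loaded=fields["ImageLoaded"],
        signed=fields["Signed"].lower() == "true",
        image_signed=fields["ImageSigned"].lower() == "true",
    )


def sideload_reasons(rec: ImageLoad) -> list[str]:
    """Return the reasons (possibly none) a record looks like side-loading."""
    dll = _norm(rec.image_loaded)
    reasons = []
    # Rule 1: a system-library name resolved outside the system directories.
    if ntpath.basename(dll) in SYSTEM_DLL_NAMES and not is_system_path(dll):
        reasons.append("system DLL name loaded from a non-system directory")
    # Rule 2: a signed executable pulling an unsigned DLL from its own folder,
    # which is exactly the layout a side-loaded payload needs.
    if (ntpath.dirname(dll) == ntpath.dirname(_norm(rec.image))
            and rec.image_signed and not rec.signed
            and not is_system_path(dll)):
        reasons.append("unsigned DLL loaded from a signed executable's own directory")
    return reasons


def detect_sideloads(lines):
    """Run every record through the rules; return (record, reasons) for hits."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        reasons = sideload_reasons(rec)
        if reasons:
            hits.append((rec, reasons))
    return hits


# Constructed sample telemetry: one side-loaded payload, one benign system
# load, one benign vendor DLL, and one unsigned DLL beside a signed binary.
SAMPLE_LOG = [
    "\t".join(["Image=C:\\Users\\alice\\AppData\\Local\\Temp\\updater\\update.exe",
               "ImageLoaded=C:\\Users\\alice\\AppData\\Local\\Temp\\updater\\version.dll",
               "Signed=false", "ImageSigned=true"]),
    "\t".join(["Image=C:\\Windows\\explorer.exe",
               "ImageLoaded=C:\\Windows\\System32\\version.dll",
               "Signed=true", "ImageSigned=true"]),
    "\t".join(["Image=C:\\Program Files\\Vendor\\app.exe",
               "ImageLoaded=C:\\Program Files\\Vendor\\vendorlib.dll",
               "Signed=true", "ImageSigned=true"]),
    "\t".join(["Image=C:\\Program Files\\Vendor\\app.exe",
               "ImageLoaded=C:\\Program Files\\Vendor\\helper.dll",
               "Signed=false", "ImageSigned=true"]),
]

if __name__ == "__main__":
    for rec, reasons in detect_sideloads(SAMPLE_LOG):
        print(rec.image_loaded, "->", "; ".join(reasons))
```

Rule 1 catches the textbook case regardless of signing state, and rule 2 catches renamed or novel DLL names as long as the host executable is signed and the library is not. Both rules will fire on some legitimate software that ships unsigned helper libraries, so in practice the hits are triaged against an allow-list of known vendor directories rather than alerted on directly.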
This group was first identified in 2017 by researchers at security firm Mandiant: “Iran controls various cyber espionage operations, cyberattacks and theft of sensitive information. The security services that sponsor these groups (IRGC and MOIS) use them to gain a strategic advantage against their local opponents and in other countries,” the experts’ report said.
In its early campaigns, MuddyWater was noted for targeting organizations across the Middle East, including government agencies, telecommunications companies and oil companies. Its more recent attacks have targeted private companies in Europe and North America.