Iran-backed hackers now active to deliver ransomware globally

As Russia goes to war against Ukraine, hackers linked to the Iranian Ministry of Intelligence and Security are exploiting bugs to conduct cyber espionage and other malicious attacks against organisations globally including in Asia, the US and the UK, cyber and law authorities have warned.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom's National Cyber Security Centre (NCSC-UK) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater.

"It is conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors - including telecommunications, defense, local government, and oil and natural gas - in Asia, Africa, Europe, and North America," the agencies said in a statement late on Thursday.

According to CISA, the aim of the attacks is to gain access to networks to steal passwords and sensitive information "to share these with other malicious cyber actors".


MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).

"This APT group has conducted broad cyber campaigns in support of MOIS objectives since approximately 2018. aMuddyWater' actors are positioned both to provide stolen data and access to the Iranian government and to share these with other malicious cyber actors," said the agencies.

MuddyWater actors are known to exploit publicly reported vulnerabilities and use open-source tools and strategies to gain access to sensitive data on victims' systems and deploy ransomware.


The authorities have recommended organisations to apply the mitigations in this advisory and review the following resources for additional information. - IANS