Hackers linked to the Iranian Ministry of Intelligence and Security are exploiting a range of vulnerabilities to conduct cyber espionage and other malicious attacks against organisations around the world, a joint alert by US and UK authorities has warned.
The advisory by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) says an Iranian government-sponsored advanced hacking operation known as MuddyWater is going after a wide range of targets.
These include telecommunications, defence, local government, and oil and natural gas organisations across Asia, Africa, Europe, and North America. According to CISA, the aim of the attacks is to gain access to networks to steal passwords and sensitive information “to share these with other malicious cyber actors”.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
The group are known to exploit publicly reported vulnerabilities and use open-source tools and strategies to gain access to sensitive data on victims’ systems and deploy ransomware, the agencies said. MuddyWater – also known as Earth Vetala, Mercury, Static Kitten and Seedworm – has been active since at least 2018.