State-sponsored Iranian hackers attack Turkish government, private organizations

A state-sponsored Iranian hacking group has pivoted to attacks against high-profile targets in Turkey. 

This week, cybersecurity researchers from Cisco Talos said that MuddyWater, an advanced persistent threat (APT) group with ties to Iran’s Ministry of Intelligence and Security (MOIS), has been linked to campaigns against both the Turkish government and private organizations in the country.

Active since at least 2017, MuddyWater, also known as Mercury or Static Kitten, has been tied to attacks against organizations in the US, Israel, Europe, and the Middle East in the past. 

Earlier this year, US Cyber Command linked the APT to the Iranian government, saying that MuddyWater is one of many groups “conducting Iranian intelligence activities.”

“MuddyWater is a subordinate element within the MOIS,” US Cyber Command says. “According to the Congressional Research Service, the MOIS ‘conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies.’”

According to Talos researchers Asheer Malhotra and Vitor Ventura, the latest MuddyWater campaign, which dates back to November 2021, uses malicious PDFs and Microsoft Office documents as an initial attack vector.

Phishing emails containing these malicious attachments are spoofed to appear to be from the Turkish Health and
