Written by AJ Vicens
Jan 12, 2022 | CYBERSCOOP
U.S. Cyber Command posted more than a dozen malware samples to a public repository Wednesday, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers.
The samples, posted to VirusTotal early Wednesday afternoon, represent various “open-source tools Iranian intelligence actors are using in networks around the world,” the military agency said in a statement. It’s Cyber Command’s first VirusTotal upload in nine months, according the the agency’s page on the site.
Referring to the actors as “MuddyWater” — the moniker applied to some suspected Iranian government hacking activities dating back to at least 2015 — Cyber Command’s Cyber National Mission Force shared the samples “to better enable defense” against the attackers.
Wednesday’s statement refers to MuddyWater as “a subordinate element” within the Iranian Ministry of Intelligence and Security (MOIS), an arm of the security apparatus focused on both domestic surveillance of regime opponents and anti-regime activists abroad, according to the Congressional Research Service.
It’s the first time the U.S. government has publicly attributed the group to the Iranian government. “There is no specific significance tied to the