
US Cyber Command links threat group to Iranian intelligence

MuddyWater declared part of Iranian Ministry of Intelligence and Security, which “conducts domestic surveillance to identify opponents"

BIGSTOCK/Copyright: karenroach

The US Cyber Command (USCYBERCOM) has officially linked Iranian threat group MuddyWater to Iranian intelligence, stating in a new publication that it is a “subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).”

“MuddyWater is an Iranian threat group; previously, industry has reported that MuddyWater has primarily targeted Middle Eastern nations, and has also targeted European and North American nations,” says the USCYBERCOM announcement, which also notes that other groups conduct Iranian intelligence activities.

Citing information from the Congressional Research Service, the Cyber Command says that the MOIS “conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies."

In collaboration with the FBI, USCYBERCOM has also shared several malware samples and examples of open-source tools used by MuddyWater to carry out its malicious activities, such as PowGoop variants and malware-injected JavaScript.

The Record, by cybersecurity company Recorded Future, reports that a command spokesperson declined to comment on how the malicious tools were uncovered, but stated that “what is unique about this disclosure is that it provides a holistic picture of how Iranian malicious cyber actors might be collecting information through use of malware.”

Last month, Symantec’s Threat Hunter team published a report suggesting that MuddyWater (also known as SeedWorm, MERCURY, Static Kitten and more) is behind major breach attempts against the telecom and IT industries in Israel, Jordan, Kuwait, Saudi Arabia, the UAE, Pakistan, Thailand and Laos.
