
"An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies' networks - including a bank, software firm, and airport, among others - since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers."
"The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and UK National Cyber Security Centre (NCSC) say MuddyWater is part of the Iranian Ministry of Intelligence and Security (MOIS), and has been carrying out cyber campaigns on behalf of the Iranian intel agency since approximately 2018."
"Already having a presence on US and Israeli networks prior to the current hostilities beginning places the threat group in a potentially dangerous position to launch attacks"
Security researchers from Symantec and Carbon Black discovered that MuddyWater, a cyber crew affiliated with Iran's Ministry of Intelligence and Security, has maintained network access across multiple US organizations since early February. The compromised entities include a bank, a software company, an airport, and nonprofits in the US and Canada. The software firm supplies technology to the defense and aerospace industries and operates in Israel; its Israeli operation appears to be the primary target. Researchers identified a previously unknown backdoor called Dindoor on networks in Israel, at the US bank, and at a Canadian nonprofit. Activity increased following the recent US and Israeli military strikes, and the group's established network presence positions it to potentially launch attacks.
#iranian-cyber-espionage #muddywater-apt #network-compromise #critical-infrastructure-targeting #dindoor-backdoor
Read at The Register