Iran-sponsored cyber espionage group MuddyWater is conducting malicious operations against a range of government and private organizations, a joint report by US and UK agencies says.
The advanced persistent threat (APT) actors have been active across various sectors, including telecommunications, defense, local government, and oil and natural gas, in Asia, Africa, Europe, and North America since approximately 2018.
The report is the result of cooperation among numerous US and UK security and law enforcement agencies and authorities, such as the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), and the UK’s National Cyber Security Centre.
MuddyWater, also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, "exploits publicly reported vulnerabilities and uses open-source tools and strategies to gain access to sensitive data on victims' systems and deploy ransomware", and maintains persistence on victim networks by tricking legitimate programs into running malware.
Earlier in January, the US military confirmed that MuddyWater is a subordinate element within Iran's intelligence ministry that steals data from networks around the world, "conducts domestic surveillance to identify regime opponents" and "surveils anti-regime activists abroad through its network of agents placed in Iran's embassies".
However, a spokesman for Iran's mission to the UN, speaking to Reuters, rejected "these baseless allegations" and insisted that "these allegations are part and parcel of the psychological warfare waged against Iran and of no factual or legal value whatsoever".