US Cyber Command’s Cyber National Mission Force has identified a new hacking group dubbed MuddyWater and tracked its operations to a company funded by Iranian intelligence. The Congressional Research Service (CRS), which conducts surveillance on adversaries, confirmed that MuddyWater is funded by the Iranian Ministry of Intelligence and Security (MOIS), which has a history of breaching government networks across the globe and holds a development stake in the blacklisted NSO Group that built the notorious Pegasus spyware.
Attributing the detected tools to the group, such as the PowGoop DLL side-loader, programs that run its malware, and the Mori backdoor used for DNS tunneling, the Pentagon stated that the group has been active since October 2018 and has so far successfully targeted over 50 companies in the US and Europe, including a few multinational telecom entities and oil extraction firms.
Supporting the above-stated discovery is the latest press statement released by security firm Mandiant, which says it has been tracking Seedworm, aka MuddyWater, since May 2017 and that the group engages in activities such as digital espionage, cyber attacks, DDoS and the spread of ransomware.
Note- The newly detected APT first surfaced in 2017, when it targeted companies in Iraq and Saudi Arabia through spear-phishing attacks, mainly breaching networks belonging to military and oil distribution organisations. At first it targeted businesses in Asia, then slowly spread its tentacles to Mali, Austria, Russia, Iran and Bahrain, and now to Europe and the Biden-led nation. Interestingly, the code written by the gang appears to be Chinese, and Kaspersky has confirmed that this trick was played to dodge the attention of international law enforcement agencies and to stay anonymous forever.