The US military has officially confirmed that Iran's intelligence ministry is connected to the cyber espionage group MuddyWater, which steals data from computer networks around the world.
On Wednesday, the US Cyber Command published technical details of multiple open-source hacking tools and malicious code reportedly used by the Iranian hackers, to help organizations in the US and elsewhere defend themselves from future intrusion attempts.
It is the first time that Washington has explicitly connected Iran's intelligence ministry to such cyber spying operations.
MuddyWater is an Iranian threat group and a “subordinate element” within Iran’s intelligence ministry “that conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies,” read a notice by the Cyber National Mission Force Public Affairs.
As examples of the group’s cyberattack and information operations, CNN said MuddyWater carried out a months-long effort to breach government networks in Turkey, Jordan and Iraq that began in 2019 and continued until February 2020.
In December, Iranian state-sponsored hackers also tried to exploit a flaw in the commonly used Java-based logging tool Apache Log4j.
In late October, another Iranian hacking group called Black Shadow attacked an Israeli data and internet company, stealing a large amount of client information and demanding ransom.