It’s the first time, according to a command spokesperson, that the US government has explicitly connected Iran’s intelligence ministry with a prolific espionage group known as MuddyWater that has in recent years tried to siphon data from telecom firms and other organizations across the Middle East.
It’s part of a regular effort by Cyber Command and other US agencies to highlight hacking tools allegedly used by foreign intelligence services from Russia, China, Iran and North Korea to blunt the effects of their spying operations.
Cyber Command published several samples of malicious code allegedly used by the Iranian hackers, to help organizations in the US and elsewhere defend themselves from future intrusion attempts. A Cyber Command spokesperson declined to comment on whether the malware had been used against US organizations recently.
A spokesperson for Iran’s mission to the United Nations did not immediately respond to a request for comment.
“Iran fields multiple teams that conduct cyber espionage, cyberattack and information operations,” said Sarah Jones, senior principal analyst at cybersecurity firm Mandiant. “The security services that sponsor these actors, the MOIS and the IRGC, are using them to get a leg up on Iran’s adversaries and competitors all over the world.”
MuddyWater has been a key component of Iran’s cyber-espionage apparatus, according to analysts. The hackers, for example, carried out a months-long effort to breach government networks in Turkey, Jordan and Iraq that began in 2019 and continued after the US military’s killing of a top Iranian general in January 2020.
The group has also tried to breach organizations in North America, but there is less publicly available information on those hacks.