Details on the recent activities of Iranian digital espionage and hacking networks have been shared by US authorities in a bid to “better enable defense against malicious cyber actors”.
Known in industry parlance as MuddyWater, these groups carry out online surveillance and intrusion activity against potential victims in Europe, the Middle East and America. Working under Iran’s Ministry of Intelligence, they try to identify regime opponents and surveil them through what US Cyber Command called a “network of agents placed in Iran’s embassies”.
As part of this, US Cyber Command shared a number of filenames already linked to Iranian cyber-crime. These included goopdate.dll, libpcre2-8-0.dll and vcruntime140.dll, all linked to espionage and ransomware, along with other variants that could give an attacker remote command-and-control capability.
For more information, see US Cyber Command’s full release.