Iran-backed hackers now active to deliver ransomware globally


San Francisco, Feb 25 (IANS): As Russia goes to war against Ukraine, hackers linked to the Iranian Ministry of Intelligence and Security are exploiting bugs to conduct cyber espionage and other malicious attacks against organisations globally including in Asia, the US and the UK, cyber and law authorities have warned.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the US Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom's National Cyber Security Centre (NCSC-UK) have observed a group of Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater.

"It is conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organisations across sectors - including telecommunications, defense, local government, and oil and natural gas - in Asia, Africa, Europe, and North America," the agencies said in a statement late on Thursday.

According to CISA, the aim of the attacks is to gain access to networks to steal passwords and sensitive information "to share these with other malicious cyber actors".

MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS).

"This APT group has conducted broad cyber campaigns in support of MOIS objectives since approximately 2018. 'MuddyWater' actors are positioned both to provide stolen data and access to the Iranian government and to share these with other malicious cyber actors," said the agencies.

MuddyWater actors are known to exploit publicly reported vulnerabilities and use open-source tools and strategies to gain access to sensitive data on victims' systems and deploy ransomware.

The authorities have recommended that organisations apply the mitigations in this advisory and review the following resources for additional information.

 

  
