The Pentagon’s cybersecurity arm on Wednesday said it has tied a hacking group known as MuddyWater to Iranian intelligence.
In doing so, US Cyber Command also identified several open-source software tools being used by the hacking group and disclosed them in an effort to thwart further attacks. MuddyWater allegedly used the tools to gain access to global computer networks.
A US Cyber Command spokeswoman said disclosure of the hacking group provides a “holistic picture of how Iranian hackers might be collecting information through the use of malware.” The cyber agency described MuddyWater as operating under the Iranian Ministry of Intelligence and Security.
The Iranian intelligence agency identifies political opponents through domestic surveillance and “surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies,” according to US Cyber Command, citing research from the Congressional Research Service.
Iran’s foreign ministry didn’t immediately respond Wednesday to a request seeking comment.
“Iran fields multiple teams that conduct cyber espionage, cyberattack and information operations,” said Sarah Jones, the principal analyst for threat intelligence at the cybersecurity firm Mandiant Inc.
She said Iran’s security services that support these attackers, including its intelligence ministry and the Islamic Revolutionary Guard Corps, “are using them to get a leg up on Iran’s adversaries and competitors all over the world.”