Details on the recent activities of Iranian digital espionage and hacking networks have been shared by US authorities in a bid to “better enable defense against malicious cyber actors”.
Known in industry parlance as MuddyWater groups, these entities carry out surveillance and infiltration activities online targeting potential victims in Europe, the Middle East and America. Working under the Ministry of Intelligence, they try to identify regime opponents and surveil them via what US Cyber Command called a “network of agents placed in Iran’s embassies”.
The body’s Cyber National Mission Force published a list of typical activities seen from Iranian cyber-actors, so that other network operators could look out for them. They include malware-laden Dynamic Link Libraries, or DLLs – files that contain instructions other programs can call on to carry out certain tasks – and JavaScript files used to set up connections back to malicious servers.
As part of this, US Cyber Command shared a number of filenames already linked to Iranian cyber-crime. These included goopdate.dll, libpcre2-8-0.dll and vcruntime140.dll, linked to espionage and ransomware, and other variants that could allow an attacker to remotely command and control functions.
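Because all three filenames above also belong to legitimate software, a defender looks not for the name alone but for where it was loaded from. The following detection sketch is an added example, not part of the US Cyber Command release or this article; it runs over constructed Sysmon-style image-load records, and the "user-writable directory" heuristic and the sample version path are assumptions.

```python
"""Flag loads of the DLL names cited in the release when they come from
user-writable locations or are unsigned (a DLL side-loading heuristic).
Log lines below are constructed samples in a Sysmon Event 7-like format,
not real telemetry; the directory patterns are an assumed heuristic."""
import re
from pathlib import PureWindowsPath

# Filenames named in the US Cyber Command release.
WATCHED_DLLS = {"goopdate.dll", "libpcre2-8-0.dll", "vcruntime140.dll"}

# Locations a normal install would not load these DLLs from (assumption).
SUSPICIOUS_DIR_PATTERNS = [
    re.compile(r"\\appdata\\local\\temp\\", re.I),
    re.compile(r"\\downloads\\", re.I),
    re.compile(r"\\users\\public\\", re.I),
    re.compile(r"^c:\\programdata\\(?!microsoft\\)", re.I),
]

LINE_RE = re.compile(
    r"Image=(?P<image>[^|]+)\|ImageLoaded=(?P<loaded>[^|]+)\|Signed=(?P<signed>\w+)")

def parse_line(line):
    """Return the image/loaded/signed fields of one record, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def is_suspicious(loaded_path, signed):
    """True when a watched DLL is unsigned or sits in a user-writable dir."""
    name = PureWindowsPath(loaded_path).name.lower()
    if name not in WATCHED_DLLS:
        return False
    from_odd_dir = any(p.search(loaded_path) for p in SUSPICIOUS_DIR_PATTERNS)
    return from_odd_dir or signed.lower() != "true"

def find_sideloads(lines):
    """Return (loading process, DLL path) pairs that trip the heuristic."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_suspicious(rec["loaded"], rec["signed"]):
            hits.append((rec["image"], rec["loaded"]))
    return hits

SAMPLE_LOG = [  # constructed records; the Google Update version is made up
    r"Image=C:\Program Files (x86)\Google\Update\GoogleUpdate.exe|ImageLoaded=C:\Program Files (x86)\Google\Update\1.3.36.112\goopdate.dll|Signed=true",
    r"Image=C:\Users\alice\AppData\Local\Temp\update.exe|ImageLoaded=C:\Users\alice\AppData\Local\Temp\goopdate.dll|Signed=false",
    r"Image=C:\Windows\System32\svchost.exe|ImageLoaded=C:\Windows\System32\vcruntime140.dll|Signed=true",
    r"Image=C:\Users\Public\tool.exe|ImageLoaded=C:\Users\Public\libpcre2-8-0.dll|Signed=true",
    r"Image=C:\Program Files\App\app.exe|ImageLoaded=C:\Program Files\App\other.dll|Signed=false",
]

if __name__ == "__main__":
    for image, dll in find_sideloads(SAMPLE_LOG):
        print(f"suspicious load: {image} -> {dll}")
```

The first and third records are the legitimate Google Update and system copies and pass; the second and fourth are the same names loaded from a temp folder and Users\Public and are reported.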
For more information, see US Cyber Command’s full release.