cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

US Cyber Command identifies Iranian threat

Open-source tools deployed by malicious Iran-based cyber actors have been exposed.

user iconReporter
Thu, 13 Jan 2022
US Cyber Command identifies Iranian threat
expand image

The US Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools leveraged by Iranian intelligence across networks around the world.

Referred to as “MuddyWater” – a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS) – the actors primarily target Middle Eastern nations but have more recently sought to undermine European and North American networks.

According to the Congressional Research Service, the MOIS conducts domestic surveillance to identify regime opponents and surveil anti-regime activists abroad through a network of agents placed in Iran’s embassies.


The US Cyber Command has warned that the presence of multiple open-source tools on the same network could be an indicator of the presence of Iranian malicious cyber actors.

Specifically, methods employed by the state-sponsored actors include sideloading DLLs to trick legitimate programs into running malware and obfuscating PowerShell scripts to hide command and control functions.

Samples of the suite of tools and JavaScript files used by the malicious cyber actors are being posted to alert the site VirusTotal.

This latest announcement from US Cyber Command comes just months after multinational cyber agencies observed an Iranian government-sponsored APT group exploiting Microsoft Exchange vulnerabilities to undermine critical infrastructure.

Iranian government-sponsored APT actors have actively targeted a broad range of victims across both the public and private sector from within the US and in partner nations, including Australia.

The joint cyber security advisory followed a joint investigation among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.