With the world’s attention focused on Russia’s multifaceted onslaught on Ukraine, Iranian hackers associated with the country’s military intelligence have launched a worldwide cyber espionage operation, the United States and the United Kingdom said in an unprecedented joint alert issued over the weekend.
With the Russian invasion under way, digital intrusions and distributed denial-of-service (DDoS) attacks caused havoc in Ukraine. A denial-of-service attack occurs when a hostile cyber threat actor prevents authorised users from accessing computer networks, devices, or other services; in the distributed form the flood of traffic comes from many sources at once.
Russian military-linked hackers were responsible for a series of DDoS attacks last week that briefly brought down Ukrainian banking and government websites ahead of the Russian invasion. In response to these cyber threats, Ukraine has been recruiting volunteer hackers to form an ‘IT army’ to carry out cyber operations against Russian entities such as corporations, banks, and government agencies.
However, in the midst of this continuing cyber war, a warning has been issued about the Iran-linked hacking group MuddyWater.
Who are they?
According to US Cyber Command, this hacking group has been acting in the interests of Iran’s Intelligence and Security Ministry and the Iranian Revolutionary Guard Corps. ‘MuddyWater’, sometimes referred to as SeedWorm, has been functioning under several aliases since at least 2015, targeting victims from Israel, Saudi Arabia, Jordan, the United Arab Emirates, and other Asian nations.
An analytical study reported that the group conducts cyber espionage and other hostile cyber activities against a variety of state and corporate entities in sectors such as telecommunications, defence, local government, and oil and gas.
What can they do?
The warning indicates that the group specialises in gaining unauthorised access to IT systems and deploying malware by exploiting publicly reported vulnerabilities and open-source tools. MuddyWater actors are well-positioned both to hand intercepted data and access to the Iranian government and to share this information with other hostile cyber actors.
According to the advisory, MuddyWater has deployed a new Python backdoor called Small Sieve that provides its operators with the “basic functionality required to maintain and expand a foothold in victim infrastructure and avoid detection by using custom string and traffic obfuscation schemes in conjunction with the Telegram Bot application programming interface (API).”
The authorities also stated that the group used a variety of malware, such as PowGoop, to carry out second-stage intrusions on previously compromised networks and systems, allowing it to exfiltrate information and gain remote access.
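The advisory’s one concrete network detail about Small Sieve is that its command channel rides on the Telegram Bot API. From a defender’s side that gives a simple hunting lead: a workstation that polls api.telegram.org at a steady interval, with no legitimate Telegram use, deserves a look. The script below is an added example written for this post, not code from the advisory, the blog author, or any vendor. It assumes a constructed proxy log format of `timestamp source_host method url status`; the sample lines, host names and the `botTOKEN_PLACEHOLDER` path segment are all made up, and the Bot API URL shape (`/bot<token>/<method>`) is Telegram’s published scheme.

```python
"""Hunt for regular Telegram Bot API polling in web proxy logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample log: "<ISO timestamp> <src_host> <method> <url> <status>".
# ws-fin-07 polls the Bot API about once a minute; ws-mkt-11 made one Bot API
# call plus an ordinary visit to the Telegram web client; ws-hr-02 is clean.
SAMPLE_LOG = """\
2022-02-24T08:00:02Z ws-fin-07 POST https://api.telegram.org/botTOKEN_PLACEHOLDER/getUpdates 200
2022-02-24T08:01:03Z ws-fin-07 POST https://api.telegram.org/botTOKEN_PLACEHOLDER/getUpdates 200
2022-02-24T08:02:01Z ws-fin-07 POST https://api.telegram.org/botTOKEN_PLACEHOLDER/getUpdates 200
2022-02-24T08:03:02Z ws-fin-07 POST https://api.telegram.org/botTOKEN_PLACEHOLDER/getUpdates 200
2022-02-24T08:04:03Z ws-fin-07 POST https://api.telegram.org/botTOKEN_PLACEHOLDER/sendDocument 200
2022-02-24T08:00:10Z ws-hr-02 GET https://www.example.com/news 200
2022-02-24T09:15:44Z ws-mkt-11 GET https://web.telegram.org/ 200
2022-02-24T11:40:12Z ws-mkt-11 GET https://api.telegram.org/botTOKEN_PLACEHOLDER/getMe 200
"""

# Only the Bot API host is an indicator; the user-facing web client is not.
C2_API_HOSTS = {"api.telegram.org"}


def parse_proxy_log(text):
    """Parse the constructed log format into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, method, url, status = parts
        try:
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        host = (urlsplit(url).hostname or "").lower()
        events.append({"time": when, "src": src, "method": method,
                       "host": host, "status": status})
    return events


def interval_stats(times):
    """Mean gap in seconds and coefficient of variation (jitter) of the gaps.

    Returns (None, None) when fewer than three requests exist, since one gap
    says nothing about regularity.
    """
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None, None
    avg = mean(gaps)
    if avg == 0:
        return 0.0, None
    return avg, pstdev(gaps) / avg


def find_suspicious(log_text, min_requests=4, max_cv=0.25):
    """Group Bot API requests by source host and grade each host.

    A host that made at least `min_requests` calls with low jitter (CV at or
    below `max_cv`) is graded "regular beaconing"; any other host that touched
    the Bot API is graded "telegram api use" for manual review.
    """
    by_src = defaultdict(list)
    for ev in parse_proxy_log(log_text):
        if ev["host"] in C2_API_HOSTS:
            by_src[ev["src"]].append(ev["time"])

    findings = {}
    for src, times in by_src.items():
        avg, cv = interval_stats(times)
        verdict = "telegram api use"
        if len(times) >= min_requests and cv is not None and cv <= max_cv:
            verdict = "regular beaconing"
        findings[src] = {"requests": len(times), "mean_interval_s": avg,
                         "jitter_cv": cv, "verdict": verdict}
    return findings


if __name__ == "__main__":
    for src, f in find_suspicious(SAMPLE_LOG).items():
        print(f"{src}: {f['verdict']} ({f['requests']} requests, "
              f"mean gap {f['mean_interval_s']}, jitter {f['jitter_cv']})")
```

Tune `min_requests` and `max_cv` to your environment; real polling loops often add deliberate jitter, so a low coefficient of variation is a strong signal but a high one does not clear a host. A single Bot API call from a host with no business reason for it is still worth a ticket, which is why the script keeps the weaker "telegram api use" verdict instead of discarding it.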
Why is the advisory crucial?
The MuddyWater threat comes at a time when Iran has expressed opposition to the conflict in Ukraine while declining to openly denounce Russia’s military action, instead condemning NATO’s influence in the region and blaming the West.
Iran’s Foreign Minister Hossein Amirabdollahian stated in a tweet that Iran does not view violence as a solution and called for an immediate cease-fire as well as a “political and democratic settlement,” without using terms such as “invasion.”
Iran’s relations with Russia have grown stronger in the past few years, owing mostly to disagreements with the West on matters such as the nuclear programme. Furthermore, the Iranian president paid a two-day visit to Moscow in January, during which both he and Putin voiced support for deeper relations.
References
- https://therecord.media/iran-linked-muddywater-carrying-out-digital-attacks-worldwide-u-s-warns/
- https://www.nextgov.com/cybersecurity/2022/02/iran-linked-hackers-conducting-operations-against-government-networks-intel-agencies-warn/362391/
- https://thehackernews.com/2022/02/iranian-hackers-using-new-spying.html
- https://www.haaretz.com/israel-news/tech-news/.premium-in-shadow-of-ukraine-russia-cyberwar-iranian-hackers-go-on-the-offensive-1.10638690
- https://www.thenationalnews.com/mena/iran/2022/02/25/iran-linked-muddywater-group-carrying-out-cyber-attacks-worldwide-says-us/
- https://www.nytimes.com/2022/01/19/world/europe/russia-iran-unity-us.html
Interesting read!
Iran has taken an interesting stance in the Ukraine-Russia situation. It is no surprise to see that Iran is kind of supporting Russia, considering their relations. It is scary to see how the ‘technology war’ is rising, and how Ukraine wants an ‘IT Army’. It won’t be long before wars are fought using cyberattacks and IT armies rather than weapons.
That’s true. Iran’s relations with Russia have been strong and they still plan on being allies. The tech war was predicted, because with all the information overload that we face due to the abundance of data, I think cyberspace was bound to grow and act as a means for war.
Good Post! It is intriguing to see that different nations have their own associated “hacker groups” that operate on their behalf (unofficially, of course). I’ve found out (by reading another blog post) that Russia has its own group of hackers titled “Sandworm Group” who unofficially operate for them. The means that the MuddyWater group employs to compromise IT infrastructure are interesting. Specifically, the Python backchannel mentioned sounds like an exportable software package, containing malware that is specifically designed to sneak into and disrupt IT infrastructure. The notion that these groups can create “packages” containing detailed programs designed to attack a nation’s infrastructure is alarming at the very least.
It is indeed intriguing to see how every country has its own hacker groups that come into effect during conflicts (not that they do not operate usually). After posting this blog, I read more about MuddyWater’s practices over the years, here, and their work is very interesting.
This post is an interesting example of the concerns I believe many people have about other groups or countries taking advantage of the world’s focus being on Russia and Ukraine to launch their own types of attacks, as seen by MuddyWater here. I also believe cyberattacks will continue to increase and can have devastating effects as more people begin to realize just how powerful they can be in this era, as shown by Russia and Ukraine.
Indeed, the unfortunate conflict between Russia and Ukraine completely shifted the world’s attention to it, and the hacker groups are capitalizing on it. These attacks, though, affect the people. Cyberwarfare is bound to increase and also has the potential to be the most dominant means of war and conflict around the world.
The authoritarians and their love for cyberwarfare. With the recent post on Russian hacking, I have come to believe that cyber hegemony is a tool for authoritarians to maintain control over their state. Back then, there were individuals that would ensure the loyalty of the people towards their leader. Nowadays, everyone has access to the internet and social media and therefore, it has become a front for authoritarian leaders to dominate by any means necessary. I think in the future, cyberwarfare will be the central theme of all organizations to incorporate and combat at the same time.
Great post! It’s interesting to see that this hacker group MuddyWater, which is an Iranian hacking group, has sort of sided with Russia in this conflict between Russia and Ukraine. It also seems like cyberattacks will continue to be more dangerous, resulting in devastating consequences for everyone, as shown by this conflict.
Exactly. MuddyWater is an unofficial hacking group that operates on behalf of Iran’s intelligence services. Since Iran has sided with Russia because of their strategic allegiance, it is possible for MuddyWater to work with Russian hackers to bring down Ukraine and its allies through cyber attacks.
Hey, nice post. It was interesting to see that different nations have their own associated “hacker groups” that operate on their behalf. I have known about the relationship between Russia and Iran for a very long time, so this was not surprising to me at all. However, it is very frightening that everyday cyberattacks are increasing and the people that run the countries are also behind these attacks. I believe in the upcoming days, cyberwarfare will be the central theme for most of the battles between nations, which is really horrifying.
True, I was completely unaware of countries having secret hacking groups that work on their behalf until I researched this blog post. It is indeed very difficult to process that cyberattacks are on the rise and countries are behind them (unofficially and officially). Yes, I agree, cyberwarfare does have the potential to become the central theme of wars and conflicts, which sounds terrible since nowadays everyone is dependent on tech, data, and information, and if cyberwars happened, the common individual would be rendered helpless.
Best Post! ‘Cyberwarfare’ is used in a broad context to denote the interstate use of technological force within computer networks in which information is stored, shared, or communicated online.
I have been keeping up with the current events in Russia and Ukraine. While reading the news, I actually wondered whether there were any cyber groups that took advantage of the situation and planned some cyber attacks. So it was great to see a post about this. I think cybersecurity with regard to countries and sensitive information is vital. I have seen videos in Ukraine where physical documents were being shredded. If they have sensitive information that is related to the country’s affairs and security stored digitally and someone else gets access to that, this can lead to many other issues. I think cyberwarfare is one of the biggest tools in the modern world, but I feel like there isn’t enough coverage of it in mainstream news.
Agreed. It is very interesting to know that countries and cyber groups that have not actively participated in the conflict have still contributed unofficially. I was unaware of the fact that physical documents were shredded to avoid data leaks in Ukraine. This actually means that data is prone to being leaked, whether it is on paper or on digital systems.
Good post! With how technologies are integrated in our lives nowadays, it’s expected that the cyber community would somehow be involved in the tragic Russia-Ukraine situation. However, while people in Russia can use such attacks to stand up against their government, the idea of an “IT army” is not exclusive to Ukraine. Going forward, cyberwarfare is likely to play a more and more crucial role in political and organizational conflicts.
True. Cyberspace has become a means for conflict and will continue to become the main theme of war, especially in these times. It is actually interesting to see how every country has its own hacker groups that come into effect during conflicts (not that they do not operate usually). This does mean that the concept of an IT army is not exclusive to Ukraine, since a lot of countries already have their own unofficial IT armies.