{"id":2224,"date":"2022-03-01T17:51:37","date_gmt":"2022-03-02T00:51:37","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2224"},"modified":"2022-03-01T17:55:08","modified_gmt":"2022-03-02T00:55:08","slug":"in-the-wake-of-ukraine-russia-cyberwar-muddywater-an-iran-backed-hacking-group-has-been-waging-global-cyber-attacks","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/01\/in-the-wake-of-ukraine-russia-cyberwar-muddywater-an-iran-backed-hacking-group-has-been-waging-global-cyber-attacks\/","title":{"rendered":"In the wake of Ukraine-Russia Cyberwar, &#8216;MuddyWater,&#8217; an Iran-backed hacking group,\u00a0has been waging global cyber-attacks"},"content":{"rendered":"\n<p>With the world&#8217;s attention focused on Russia&#8217;s multifaceted onslaught on Ukraine, Iranian hackers associated with the country&#8217;s military intelligence initiated a worldwide cyber espionage operation, the United States and the United Kingdom said in an unprecedented alert delivered over the weekend.<\/p>\n\n\n\n<p>With the&nbsp;Russian invasion under way, digital intrusions and distributed denial-of-service (DDoS) assaults wreaked havoc on Ukraine. DDoS attacks occur when a hostile cyber threat actor stops authorised users from accessing computer networks, devices, or data centers.<\/p>\n\n\n\n<p>Russian military-linked hackers were responsible for a series of DDoS attacks last week that temporarily brought down Ukrainian banking and government websites prior to the Russian invasion. 
Later, in retaliation for the cyber threats, Ukraine began looking for volunteer hackers to create an &#8216;IT army&#8217; to&nbsp;execute cyber&nbsp;operations against Russian entities such as corporations, banks, and government agencies.<\/p>\n\n\n\n<p>However, in the midst of this ongoing cyber-war, warnings have been issued about the Iran-linked hacker organisation, <strong>MuddyWater<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" data-src=\"https:\/\/www.thenationalnews.com\/resizer\/KVCwVWqy4H7UUwbkRDIPmWbc0ug=\/arc-photo-thenational\/eu-central-1-prod\/public\/PLQPHMLSKBGLXOW73VF75UFAY4.jpg\" alt=\"\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" \/><figcaption><a href=\"https:\/\/www.thenationalnews.com\/mena\/iran\/2022\/02\/25\/iran-linked-muddywater-group-carrying-out-cyber-attacks-worldwide-says-us\/\">The Iran-linked cyber operations group, dubbed MuddyWater, is targeting government and private-sector organisations across sectors in Asia, Africa, Europe and North America.<\/a><\/figcaption><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\" style=\"font-style:normal;font-weight:500\"><strong>Who are they?<\/strong><\/h4>\n\n\n\n<p>According to US Cyber Command, this hacking group has been acting in the interests of Iran&#8217;s Intelligence and Security Ministry and the Iranian Revolutionary Guard Corps. 
&#8216;MuddyWater&#8217;, sometimes referred to as SeedWorm, has been operating under several aliases since at least 2015, targeting victims in Israel, Saudi Arabia, Jordan, the United Arab Emirates, and other Asian nations.<\/p>\n\n\n\n<p>An analytical study reported that the group undertakes cyber espionage and other hostile cyber activities against a variety of state and corporate entities in areas such as communications, defence, local governments, and oil and gas.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">What they can do.<\/h4>\n\n\n\n<p>The warning indicates that&nbsp;the organisation specialises in gaining unauthorised access to IT systems and deploying malware by exploiting publicly reported vulnerabilities and using open-source tools. MuddyWater actors are well-positioned both to give intercepted data and access to the Iranian government and to share this information with other hostile cyber actors.<\/p>\n\n\n\n<p>According to the advisory, MuddyWater has implemented a new Python backdoor called Small Sieve that provides its users with &#8220;basic functionality required to maintain and expand a foothold in victim infrastructure and avoid detection by using custom string and traffic obfuscation schemes in conjunction with the Telegram Bot application programming interface (API).&#8221;<\/p>\n\n\n\n<p>The authorities also stated that the group used a variety of malware, such as PowGoop, to execute second-stage intrusions on previously compromised networks and systems, allowing it to extract information and gain remote access.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Why is the advisory crucial?<\/h4>\n\n\n\n<p>The MuddyWater threat comes at a time when Iran has expressed opposition to the conflict in Ukraine but has also stated that it will not openly denounce Russia&#8217;s military action, instead condemning NATO&#8217;s influence in the region on the 
West.<\/p>\n\n\n\n<p>Iran&#8217;s Foreign Minister Hossein Amirabdollahian stated in a tweet that Iran does not view violence as a means and has called for an immediate cease-fire as well as a &#8220;political and democratic settlement,&#8221; without using terminology like &#8220;invasion.&#8221;<\/p>\n\n\n\n<p>Iran&#8217;s relations with Russia have grown stronger in the past few years, owing mostly to disagreements with the West on matters such as the nuclear program. Furthermore, the Iranian president paid a two-day visit to Moscow in January, during which both he and Putin voiced support for deeper relations.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" data-src=\"https:\/\/static01.nyt.com\/images\/2022\/01\/19\/world\/19iran-russia\/19iran-russia-superJumbo.jpg?quality=75&amp;auto=webp\" alt=\"\" width=\"810\" height=\"539\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" class=\"lazyload\" style=\"--smush-placeholder-width: 810px; --smush-placeholder-aspect-ratio: 810\/539;\" \/><figcaption><a href=\"https:\/\/www.nytimes.com\/2022\/01\/19\/world\/europe\/russia-iran-unity-us.html\">A photograph released by Russian state media shows Vladimir V. 
Putin, left, and President Ebrahim Raisi of Iran at a meeting, when the Iranian President visited Moscow in January 2022.<\/a><\/figcaption><\/figure><\/div>\n\n\n\n<h4 class=\"wp-block-heading\">References<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/therecord.media\/iran-linked-muddywater-carrying-out-digital-attacks-worldwide-u-s-warns\/\">https:\/\/therecord.media\/iran-linked-muddywater-carrying-out-digital-attacks-worldwide-u-s-warns\/<\/a><\/li><li><a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2022\/02\/iran-linked-hackers-conducting-operations-against-government-networks-intel-agencies-warn\/362391\/\">https:\/\/www.nextgov.com\/cybersecurity\/2022\/02\/iran-linked-hackers-conducting-operations-against-government-networks-intel-agencies-warn\/362391\/<\/a><\/li><li><a href=\"https:\/\/thehackernews.com\/2022\/02\/iranian-hackers-using-new-spying.html\">https:\/\/thehackernews.com\/2022\/02\/iranian-hackers-using-new-spying.html<\/a><\/li><li><a href=\"https:\/\/www.haaretz.com\/israel-news\/tech-news\/.premium-in-shadow-of-ukraine-russia-cyberwar-iranian-hackers-go-on-the-offensive-1.10638690\">https:\/\/www.haaretz.com\/israel-news\/tech-news\/.premium-in-shadow-of-ukraine-russia-cyberwar-iranian-hackers-go-on-the-offensive-1.10638690<\/a><\/li><li><a href=\"https:\/\/www.thenationalnews.com\/mena\/iran\/2022\/02\/25\/iran-linked-muddywater-group-carrying-out-cyber-attacks-worldwide-says-us\/\">https:\/\/www.thenationalnews.com\/mena\/iran\/2022\/02\/25\/iran-linked-muddywater-group-carrying-out-cyber-attacks-worldwide-says-us\/<\/a><\/li><li><a href=\"https:\/\/www.nytimes.com\/2022\/01\/19\/world\/europe\/russia-iran-unity-us.html\">https:\/\/www.nytimes.com\/2022\/01\/19\/world\/europe\/russia-iran-unity-us.html<\/a><\/li><\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With the world&#8217;s attention focused on Russia&#8217;s multifaceted onslaught on Ukraine, Iranian hackers associated with the 
country&#8217;s military intelligence initiated a worldwide cyber espionage operation, the United States and the United Kingdom said in an unprecedented alert delivered over the weekend. With the&nbsp;Russian invasion under way, digital intrusions and distributed denial-of-service (DDoS) assaults wreaked havoc on &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/01\/in-the-wake-of-ukraine-russia-cyberwar-muddywater-an-iran-backed-hacking-group-has-been-waging-global-cyber-attacks\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;In the wake of Ukraine-Russia Cyberwar, &#8216;MuddyWater,&#8217; an Iran-backed hacking group,\u00a0has been waging global cyber-attacks&#8221;<\/span><\/a><\/p>\n","protected":false},"author":416,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[16,41,39,40],"class_list":["post-2224","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","tag-cpsc329","tag-ddos","tag-russia","tag-ukraine","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Chirag 
Asrani","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/chirag-asrani\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/416"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2224"}],"version-history":[{"count":6,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2224\/revisions"}],"predecessor-version":[{"id":2231,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2224\/revisions\/2231"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}