Iran-Linked Hackers Probing US Networks, Intel Agencies Warn

Active “cyber operations against government and commercial networks” may seek to take advantage of defenders' focus on Russia.

With the world’s eyes on Russia’s multipronged attack on Ukraine—including hackers attacking and disabling Ukrainian government and financial websites—the U.S. government issued a warning Thursday that Iranian government-sponsored hackers are conducting active “cyber operations against government and commercial networks.”

An advisory issued by the FBI, NSA, Cybersecurity and Infrastructure Security Agency and United Kingdom’s cyber apparatus indicates the Iran-linked hackers known as “MuddyWater” are “conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors.”

The advisory indicates the group is targeting telecommunications, defense, local government, and the oil and natural gas industries in North America, Europe, Asia and Africa. MuddyWater, the advisory notes, is a “subordinate element within the Iranian Ministry of Intelligence and Security.” The group specializes in exploiting publicly reported vulnerabilities and using open-source tools to gain unauthorized access to IT systems and deploy malware.

“MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” the advisory states.

The advisory contains technical mitigations that government and private-sector organizations can apply to shore up their systems.

The warning comes as U.S. cyber officials work to improve Ukraine’s cyber defenses and monitor hacking threats from Russia.