USCYBERCOM Shares Hacking Samples From Iranian Cyberattacks
The U.S. Cyber Command posted over a dozen malware samples to the VirusTotal website on Wednesday to inform organizations about potential Iranian cyberattacks.
USCYBERCOM said in a statement that the samples represent open-source tools that Iranian actors use around the world. The list refers to MuddyWater, a label for suspected Iranian government hacking activities that were spotted as early as 2015. The Congressional Research Service said MuddyWater is an element within the Iranian Ministry of Intelligence and Security, an organization that monitors the government’s opponents and other activists abroad. The warning was issued by the combatant command’s Cyber National Mission Force to improve defense measures against hackers, CyberScoop reported.
MuddyWater is a hacking effort that has targeted countries in the Middle East, Europe, North America and Asia. The group, which is also known as Seedworm, targeted government, media and critical infrastructure organizations as part of its information gathering and espionage efforts. It has also threatened to kill researchers who have discovered its assets.
The latest post is the first time the combatant command has issued a warning against Iranian state-based hacking activities.
USCYBERCOM uses VirusTotal to notify entities about potential cyber breach victims and call out cyberspace adversaries. In 2019, the command posted hacking samples related to North Korean government-sponsored hacking activities. It also posted samples associated with Russia’s APT28 hacking group.