[CDP-development] CISA: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks - TLP: WHITE

Masse, Theresa theresa.masse at cisa.dhs.gov
Thu Feb 24 10:12:17 PST 2022


FYSA



The FBI, CISA, the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a (TLP:WHITE) joint Cybersecurity Advisory: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks.<https://www.cisa.gov/uscert/ncas/alerts/aa22-055a>



The advisory details malicious cyber operations by Iranian government-sponsored advanced persistent threat (APT) actors known as MuddyWater. MuddyWater is conducting cyber espionage and other malicious cyber operations as part of Iran’s Ministry of Intelligence and Security (MOIS), targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America. Note: MuddyWater is also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros.



This advisory provides observed tactics, techniques, and procedures (TTPs); malware; and indicators of compromise (IOCs) associated with this Iranian government-sponsored APT activity to aid organizations in the identification of malicious activity against sensitive networks.



CISA Recommendations:

  *   Review the joint CSA: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks<https://www.cisa.gov/uscert/ncas/alerts/aa22-055a> for technical details and mitigations.
  *   Review the MuddyWater Malware Analysis Report<https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-055a>.
  *   Review CISA’s Iran Cyber Threat Overview and Advisories webpage<https://www.cisa.gov/uscert/iran> for additional information on Iranian cyber threats.



We kindly request any incidents or anomalous activity related to this advisory be reported to your local FBI field office at fbi.gov/contact-us/field-offices<https://www.fbi.gov/contact-us/field-offices>, the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by email at CyWatch at fbi.gov. To request incident response resources or technical assistance related to these threats, contact CISA at Central at cisa.dhs.gov or 888-282-0870.





Theresa A. Masse

Cyber Security Advisor, Region 10 (Oregon)

Cybersecurity and Infrastructure Security Agency

Department of Homeland Security

Phone: (503) 930-5671

Email: theresa.masse at cisa.dhs.gov


