<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.wordsection1, li.wordsection1, div.wordsection1
{mso-style-name:wordsection1;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;
mso-fareast-language:JA;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1344939482;
mso-list-template-ids:-1531159960;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:2043246120;
mso-list-type:hybrid;
mso-list-template-ids:1479044340 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="wordsection1" style="margin:0in">FYSA<span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<div>
<p class="wordsection1" style="margin:0in"><span style="font-family:"Arial",sans-serif"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:'Arial',sans-serif">The FBI, CISA, the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC) have released a (TLP:WHITE) <b><a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-055a">joint
Cybersecurity Advisory: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks.</a></b></span><span style="font-size:11.0pt;font-family:'Calibri',sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:"Arial",sans-serif"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:'Arial',sans-serif">The advisory details malicious cyber operations by Iranian government-sponsored advanced persistent threat (APT) actors known as MuddyWater. MuddyWater is conducting cyber
espionage and other malicious cyber operations as part of Iran’s Ministry of Intelligence and Security (MOIS), targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil
and natural gas—in Asia, Africa, Europe, and North America. <b>Note</b>: MuddyWater is also known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros.</span><span style="font-size:11.0pt;font-family:'Calibri',sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:"Arial",sans-serif"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:'Arial',sans-serif">This advisory provides observed tactics, techniques, and procedures (TTPs); malware; and indicators of compromise (IOCs) associated with this Iranian government-sponsored
APT activity to aid organizations in the identification of malicious activity against sensitive networks.</span><span style="font-size:11.0pt;font-family:'Calibri',sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><b><span style="font-family:"Arial",sans-serif"> </span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><b><span style="font-family:"Arial",sans-serif">CISA Recommendations:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="wordsection1" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3">
<span style="font-family:'Arial',sans-serif">Review the <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-055a">joint Cybersecurity Advisory (CSA): Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks</a> for technical details
and mitigations.</span><span style="font-size:11.0pt;font-family:'Calibri',sans-serif"><o:p></o:p></span></li><li class="wordsection1" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3">
<span style="font-family:"Arial",sans-serif">Review the MuddyWater <a href="https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-055a">
Malware Analysis Report</a>.</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></li><li class="wordsection1" style="margin-top:0in;margin-bottom:0in;mso-list:l1 level1 lfo3">
<span style="font-family:"Arial",sans-serif">Review CISA’s <a href="https://www.cisa.gov/uscert/iran">Iran Cyber Threat Overview and Advisories webpage</a> for additional information on Iranian cyber threats.</span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></li></ul>
<p class="wordsection1" style="margin:0in"><span style="font-family:"Arial",sans-serif"> </span><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:'Arial',sans-serif">We kindly request that any incidents or anomalous activity related to this advisory be reported to your local FBI field office at
<u><a href="https://www.fbi.gov/contact-us/field-offices" target="_blank" rel="noopener noreferrer" title="https://www.fbi.gov/contact-us/field-offices">fbi.gov/contact-us/field-offices</a></u>,
or to the FBI’s 24/7 Cyber Watch (CyWatch) by phone at (855) 292-3937 or by email at <u><a href="mailto:CyWatch@fbi.gov" target="_blank" title="mailto:cywatch@fbi.gov">CyWatch@fbi.gov</a></u>. To request incident response resources or technical assistance related to these
threats, contact CISA at <u><a href="mailto:Central@cisa.dhs.gov" target="_blank" title="mailto:central@cisa.dhs.gov">Central@cisa.dhs.gov</a></u> or 888-282-0870.</span><span style="font-size:11.0pt;font-family:'Calibri',sans-serif"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
<p class="wordsection1" style="margin:0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="wordsection1" style="margin:0in"><b><span style="color:#1F497D">Theresa A. Masse</span></b><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></b></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
</span><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;font-family:"Calibri",sans-serif;color:#0760C1"><o:p></o:p></span></u></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="wordsection1" style="margin:0in"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image007.png@01D82966.987E0BB0" alt=""><span style="font-size:11.0pt;font-family:'Calibri',sans-serif;color:#1F497D"><o:p></o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p class="wordsection1" style="margin:0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
</div>
</body>
</html>