Joint Cybersecurity Advisory: Iranian APT MuddyWater

The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK), just published a joint Cybersecurity Advisory outlining activities of the Iranian government-sponsored advanced persistent threat (APT) actors, known as MuddyWater. The APT group MuddyWater has been observed conducting cyber espionage and other malicious cyber activities targeting government and other critical infrastructure entities, across the globe. As part of their malicious activity, MuddyWater exploits publicly reported vulnerabilities alongside open-source tools to gain access to a victim’s network and their sensitive data as well as to deploy ransomware. The advisory includes further technical details regarding this APT group, including indicators of compromise and TTPs, and lists recommended mitigations. The publishing agencies recommend organizations apply the mitigations listed in the advisory. Companies can also review CISA’s Iran cyber threats overview webpage for additional information. Finally, organizations can access CISA’s free cyber hygiene services to help critical infrastructure organizations assess, identify, and reduce their exposure to threats, including ransomware. Access the full advisory at IC3 here.