Iranian Cyberspies Focus on Long-Running Operations

The Iranian cyber-espionage group referred to as MuddyWater continues to focus on long-running operations even after a U.S. airstrike killed General Qassem Soleimani on January 2.


Soleimani was the leader of Quds Force, an elite unit of the Iranian Revolutionary Guards, and his death resulted in escalated tensions between the United States and Iran, yet there have been no reports of cyber-attacks launched in retaliation.


Cyber-retaliation continues to be a probability, and even industrial systems might be at risk, but for now Iranian threat groups appear to focus on their long-running cyber-espionage activity instead, Secureworks’ security researchers say.


“Although there was ballistic missile bombardment of U.S. military personnel in Iraq […], no government-directed cyber retaliation has been observed as of this publication,” the security firm notes in a new report.


Looking into the activity associated with Iran-linked hackers, Secureworks observed that most operations commenced prior to the U.S. drone strike. The campaigns were conducted by MuddyWater, a threat group that is also referred to as COBALT ULSTER, Seedworm, TEMP.Zagros, and Static Kitten.


Active since at least 2017, the group was observed mainly targeting entities in the Middle East and the United States with spear-phishing attacks, and has evolved its toolset and tactics to avoid detection.


Between mid-2019 and mid-January 2020, the threat actor launched numerous spear-phishing attacks on governmental organizations in Turkey, Jordan, and Iraq, and also tar ..