CISA Alert AA22-055A – Iranian government-sponsored actors conduct cyber operations against global government and commercial networks.
The FBI, CISA, US Cyber Command Cyber National Mission Force, and the United Kingdom’s National Cyber Security Centre have observed a group of Iranian government-sponsored APT actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.
AA22-055A Alert, Technical Details, and Mitigations
AA22-055A STIX and Malware Analysis STIX
Iran Cyber Threat Overview and Advisories
CNMF's press release – Iranian intel cyber suite of malware uses open source tools
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at firstname.lastname@example.org or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.