CISA Alert AA22-055A – Iranian government-sponsored actors conduct cyber operations against global government and commercial networks.

The FBI, CISA, US Cyber Command Cyber National Mission Force, and the United Kingdom’s National Cyber Security Centre have observed a group of Iranian government-sponsored APT actors, known as MuddyWater, conducting cyber espionage and other malicious cyber operations targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America. 

AA22-055A Alert, Technical Details, and Mitigations

Malware Analysis Report

AA22-055A STIX and Malware Analysis STIX

Iran Cyber Threat Overview and Advisories

NCSC-UK MAR – Small Sieve

CNMF's press release – Iranian intel cyber suite of malware uses open source tools

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.