Iran intelligence backdoored US bank, airport, software outfit networks


TL;DR

An Iranian cyber group linked to MOIS has infiltrated networks of U.S. entities, including a bank and airport, using a backdoor since February, with increased activity after U.S.-Israeli strikes. Security firms Symantec and Carbon Black discovered the activity tied to MuddyWater.

Source: The Register


An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple U.S. companies' networks (including a bank, software firm, and airport, among others) since the beginning of February, with more activity in the days following the U.S. and Israeli military strikes, according to security researchers. Symantec and Carbon Black's threat hunting team told The Register that they uncovered the network activity, plus a previously unknown backdoor, after a third party shared indicators of compromise linked to MuddyWater (aka Seedworm, Static Kitten). MuddyWater is part of MOIS and has been carrying out cyber campaigns on behalf of the Iranian intel agency since approximately 2018.
