EclecticIQ

Our Ecosystem

An ecosystem supporting our customers' intelligence-led proactive cybersecurity needs with collaborative partner programs delivering world-class joint solutions. 

Partner Program

Partner with EclecticIQ to bring valuable and innovative security solutions and services to end users. Open to all partner types, including technology developers, service providers, resellers, and community.

Our Partnerships

We partner with the world's premier technology and solution providers to support all phases of your cybersecurity needs. Explore all our partners' solutions and offerings to build and extend your cyber defense ecosystem.

EclecticIQ Resources

We are committed to increasing the knowledge and capabilities of the cybersecurity community through our research & analysis efforts and open source projects.

Browse Resources

Learn more about our technology, solutions and services, and stay updated on the cyber threat landscape with our research reports, webinars and other information.

Open Source Projects

We are proud to be an active member in the open source community and to help develop and advance progress of security technology. Learn more about contributions or go directly to our GitHub page.

MuddyWater APT attributed to Iranian Ministry of Intelligence and Security, and the Increasing Global Ransomware Threat

This issue of the Analyst Prompt looks at a newly reported Iranian APT group and the increasing globalized threat of ransomware.

EclecticIQ Threat Research Team March 14, 2022

Threat Actor Update: Iranian State Sponsored APT Conducts Cyber Espionage and Ransomware Activities

EclecticIQ researchers assess that MuddyWater is a well-funded, state-supported, and skilled adversary group, based on the variety of tactics, tools, and targets it uses. The group can cause significant damage to both government and enterprises through data theft and ransomware.

MuddyWater is the first APT group attributed as a subordinate element of the Iranian Ministry of Intelligence and Security (MOIS) by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC-UK). MuddyWater has been observed conducting cyber espionage and other cyber activities targeting the telecommunications, defense, government, and oil and natural gas sectors in Asia, Europe, and North America since approximately 2018 [1].

The attribution of MuddyWater to MOIS likely signals the growth of Iranian cyber capabilities. According to a report by the US Federal Research Division, MOIS is the most powerful and well supported ministry of all Iranian ministries and ranks as “one of the largest and most dynamic intelligence agencies in the Middle East.” [2]

EclecticIQ researchers assess that MuddyWater will likely target strategic government agencies, organizations, and individuals that have contrasting interests or have dissented from the leadership of Iran. In 2017, MOIS’s powers and responsibilities were formally expanded [3]. According to the Washington Institute for Near East Policy, the increase in activities abroad has included extensive monitoring and targeting of dissidents and defectors.

The actor is known to use spearphishing, exploit publicly known vulnerabilities, and use open-source tools to gain access to sensitive data and deploy ransomware. Spearphishing campaigns have lured victims into downloading ZIP files containing a macro-enabled Excel document or a PDF file that drops a malicious file to initiate command and control (C2) communications [1].

Once initial access is established, MuddyWater uses a variety of malware to accomplish its objectives. The malware suite includes [1]:

  • PowGoop
  • Small Sieve
  • Canopy
  • Mori
  • POWERSTATS
  • Survey Scripts
  • Custom PowerShell Backdoor

MuddyWater may also be known as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros by various vendors.

Policy and Governance: Joint Advisory Shows Increased Globalized Threat of Ransomware

A joint advisory released by the United States, UK, and Australian cyber security authorities reports an increase in 2021 of “sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.” [4] According to the report, ransomware tactics continued to evolve in 2021, demonstrating the continued technical growth of threat actors and an increased threat to organizations globally.

EclecticIQ researchers also assess that the ransomware threat will continue to grow in 2022. The increasing professionalism of threat groups, including improved victim assistance and negotiation services, as well as evolving tactics such as targeting cloud infrastructure and supply chains and the use of triple extortion (threatening to publicly release sensitive information, disrupt the victim’s internet access, and inform the victim’s partners, shareholders, and suppliers of the incident), all show that the ransomware-as-a-service (RaaS) ecosystem is growing. This growth is likely to mean more organizations being targeted and greater damage across the globe.

Appendix:

  1. https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
  2. https://irp.fas.org/world/iran/mois-loc.pdf
  3. https://www.washingtoninstitute.org/policy-analysis/irans-intelligence-organizations-and-transnational-suppression
  4. https://www.ncsc.gov.uk/files/2021%20Trends%20show%20increased%20globalised%20threat%20of%20ransomware.pdf

Structured Data

Find the Analyst Prompt and earlier editions in our public TAXII collection for easy use in your security stack.

TAXII v1 Discovery services: https://cti.eclecticiq.com/taxii/discovery

You may also download the content as eiq_json, stix1_2, stix2_1.

Please refer to our support page for guidance on how to access the feeds.

About EclecticIQ Threat Research

EclecticIQ is a global provider of threat intelligence, hunting and response technology and services. Headquartered in Amsterdam, the EclecticIQ Threat Research team is made up of experts from Europe and the U.S. with decades of experience in cyber security and intelligence in industry and government.

We would love to hear from you. Please send us your feedback by emailing us at research@eclecticiq.com.

© 2014 – 2024 EclecticIQ B.V.
EclecticIQ. Intelligence, Automation, Collaboration.