The Cybersecurity and Infrastructure Security Agency and its partners advise organizations to implement protective measures against an advanced persistent threat from Iran’s government.
The MuddyWater APT group, also known as Earth Vetala, Seedworm, MERCURY, Static Kitten and TEMP.Zagros, has conducted malicious cyber activity against government and commercial entities across defense, telecommunications, oil and local sectors, CISA said Thursday.
MuddyWater operates as a subordinate component of Iran’s intelligence and security ministry, which has received the APT group’s support through broad cyber campaigns since approximately 2018, according to CISA.
CISA, the FBI, U.S. Cyber Command and the U.K.’s national cybersecurity center have observed the group’s activity in North America, Europe, Africa and Asia.
These agencies, as well as the National Security Agency, recommend that organizations check for indicators of compromise, employ antivirus tools, patch all systems, apply multi-factor authentication and train employees to recognize phishing attempts.
CISA used MITRE’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) framework to develop the advisory.