Iran's Cyber Security Threat Increases

Iran Focus

London, 16 Mar - Cyber security researchers have warned that the Iran-based cyber warfare group TEMP.Zagros, also known as MuddyWater, is behind the massive phishing campaign currently targeting both Asia and the Middle East.

The group has also significantly improved its technique, notably by using new backdoor tools, making it an even greater danger.

In a blog post on Tuesday, FireEye researchers Sudeep Singh, Dileep Kumar Jallepalli, Yogesh Londhe and Ben Read wrote: “We observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East. In this campaign, the threat actor’s tactics, techniques and procedures shifted after about a month, as did their targets.”

Targets of the latest campaign, which is characterised by its targeting scope, malicious macros, similarly themed decoy materials, and malware, include Turkey, Pakistan, Tajikistan, and India.

This builds on other research into the group by Unit 42 and Trend Micro. On Monday, Trend Micro said that there appeared to be links between MuddyWater’s previous campaigns, documented by Unit 42 in November, and the current attacks. The current attacks use bogus emails purporting to be from the National Assembly of Pakistan or the Institute for Development and Research in Banking Technology to trick targets into downloading infected documents that compromise their computer networks.

This indicates that the attacks are not isolated and will continue, and it also points to the involvement of the Iranian Regime in directing them. The current campaign has been running since January.

Sarah Hawley, the principal analyst at FireEye, said: “Given the type of entities targeted, we believe this activity is strategic in nature, primarily conducting reconnaissance and collection operations for geopolitical, defence, and economic data that could support nation-state interests and decision making… These factors, as well as the operation’s focus on geopolitical entities and targeting scope led us to assess with moderate confidence that this activity has a nexus to Iran.”

Cyber warfare is a key part of the Iranian Regime’s overall malign military plan. The Regime knows that it has neither the military nor the economic power to take on other countries, especially the US and Saudi Arabia, which have been frequent victims of Iran’s attacks in the past, and so it uses cyber warfare to gain information on its enemies’ capabilities by targeting defence systems, or to hamper their access to relevant data about Iran.

Much like the proxy militias that Iran has all over the Middle East, this malign military campaign allows Iran to attack other countries while also being able to shift the blame onto someone else if it is caught.

