An Iranian hacking group with links to the Intelligence Ministry has attacked high-profile targets in Turkey.

According to a report by tech news website ZDNet on Tuesday, the Iranian advanced persistent threat (APT) group MuddyWater has penetrated the Turkish health and interior ministries as well as private companies to gain access to customer data.

An APT is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.

Researchers at Cisco Talos Intelligence Group — one of the world’s largest commercial threat intelligence teams — said last week that the latest MuddyWater campaign dates to November 2021, when the group sent phishing emails to many Turkish users.

The emails were spoofed to look like they came from the health and interior ministries and used malicious PDFs and Microsoft Office documents as an initial attack vector.

Since at least 2017, MuddyWater — also known as Mercury or Static Kitten — has carried out attacks against organizations in the US, Israel, Europe, and the Middle East, including a months-long effort to breach government networks in Turkey, Jordan and Iraq.

Earlier in January, the US military officially confirmed that Iran’s intelligence ministry is connected to the cyber espionage group.

Earlier on Tuesday, the US State Department announced a reward of up to $10 million on two Iranian cyber actors for trying to interfere with the 2020 presidential election.

Source » iranintl