Iran intelligence backdoored US bank, airport, software outfit networks


An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies' networks - including a bank, software firm, and airport, among others - since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers.

Symantec and Carbon Black's threat hunting team told The Register that they uncovered the network activity, plus a previously unknown backdoor, after a third party shared indicators of compromise linked to MuddyWater (aka Seedworm, Static Kitten).

The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and UK National Cyber Security Centre (NCSC) say MuddyWater is part of the Iranian Ministry of Intelligence and Security (MOIS), and has been carrying out cyber campaigns on behalf of the Iranian intel agency since approximately 2018.

One of those indicators "led to this cluster of attacks and allowed ...


Copyright of this story solely belongs to theregister.co.uk.