Rapid7 Detection Coverage for Iran-Linked Cyber Activity

Explore the detection & enrichment coverage available to Rapid7 customers in a new blog, broadly assessing the macro cyber threat landscape and demonstrating the specific actions undertaken within the Rapid7 portfolio.

Rapid7

Iranian MOIS Actors & the Cyber Crime Connection

Iranian intelligence services are increasingly engaging with the cyber crime ecosystem, leveraging criminal tools, services, and operational models to support state objectives. This trend is particularly evident among actors linked to the Ministry of Intelligence and Security (MOIS), such as Void Manticore and MuddyWater. These actors are not merely imitating criminal behavior but actively associating with the cyber criminal ecosystem, using its infrastructure, malware, and affiliate-style relationships. This approach enhances their operational capabilities, complicates attribution, and contributes to confusion around Iranian threat activity. Examples include the use of ransomware branding, commercial infostealers, and overlaps with criminal malware clusters. This shift from imitation to active engagement with cyber crime offers both improved deniability and expanded technical capabilities for Iranian actors.

Pulse ID: 69b088d31d4ef8bf35564baa
Pulse Link: https://otx.alienvault.com/pulse/69b088d31d4ef8bf35564baa
Pulse Author: AlienVault
Created: 2026-03-10 21:10:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #InfoStealer #Iran #Malware #MuddyWater #OTX #OpenThreatExchange #RAT #RansomWare #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Unmasking an Attack Chain of MuddyWater

Pulse ID: 69b116de020ddc7f1ec36941
Pulse Link: https://otx.alienvault.com/pulse/69b116de020ddc7f1ec36941
Pulse Author: Tr1sa111
Created: 2026-03-11 07:16:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #MuddyWater #OTX #OpenThreatExchange #bot #Tr1sa111

Clearing the Water: Unmasking an Attack Chain of MuddyWater
#MuddyWater
https://www.huntress.com/blog/muddywater-attack-chain
Unmasking an Attack Chain of MuddyWater | Huntress

Huntress has identified and detailed a full timeline of an intrusion in a customer environment that aligns with what others have identified as MuddyWater (Iranian-linked APT).

Huntress
New Huntress case study breaks down a MuddyWater-aligned (Iran) intrusion: RDP initial access, SSH tunneling with OpenSSH, & DLL side-loading via legitimate FMAPP.exe for C2. Great case study and walkthrough. #CyberSecurity #DFIR #MuddyWater #Huntress 🔗 https://zurl.co/AC8Re

Iran's MuddyWater hackers breached US organizations and an Israeli department of a software firm using phishing and a new backdoor dubbed #Dindoor - All this, despite the ongoing conflict.

Read: https://hackread.com/iran-muddywater-hackers-us-dindoor-backdoor/

#CyberSecurity #Iran #Israel #US #MuddyWater #Malware

Iran's MuddyWater Hackers Target US Firms with New Dindoor Backdoor


Hackread - Cybersecurity News, Data Breaches, AI and More

Unmasking an Attack Chain of MuddyWater

An intrusion attributed to MuddyWater, an Iranian-linked APT, was identified in a customer environment. The attack involved initial access through RDP, establishing an SSH tunnel, and deploying malware via DLL side-loading. The threat actor used FMAPP.exe, a legitimate Fortemedia Inc. application, to load a malicious FMAPP.dll for C2 communications. The timeline of activities revealed typos in commands, suggesting manual typing by the attacker. The intrusion included reconnaissance efforts, attempts to verify tunnel functionality, and issues with initial C2 communication. The attack targeted an Israeli company, aligning with known MuddyWater tactics.

Pulse ID: 69abf37dfd9bfab829c9913e
Pulse Link: https://otx.alienvault.com/pulse/69abf37dfd9bfab829c9913e
Pulse Author: AlienVault
Created: 2026-03-07 09:44:29

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #ICS #InfoSec #Iran #Israel #Malware #MuddyWater #OTX #OpenThreatExchange #RDP #SSH #bot #AlienVault


MuddyWater Exposed: Inside an Iranian APT operation

Pulse ID: 69acdc94b7bc2b107f5b8c7a
Pulse Link: https://otx.alienvault.com/pulse/69acdc94b7bc2b107f5b8c7a
Pulse Author: Tr1sa111
Created: 2026-03-08 02:19:00

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Iran #MuddyWater #OTX #OpenThreatExchange #RAT #bot #Tr1sa111

Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits.

Security Affairs

One more for good measure because why not:

host.services.cert.parsed.issuer_dn="cgWUqATNuKVKop+/nRG88+u7AEo2ulPc/6DzDNJyq3Q"

#ThreatIntel #CTI #MuddyWater