Iran's state intelligence has been using the cybercriminal underground to improve and hide its offensive cyber activity. Hacktivism has long been a cover for Iran's Ministry of Intelligence and Security (MOIS) when it carries out cyberattacks.

For instance, on March 11, the Fortune 500 medical technology company Stryker was hit by a wiper attack. "Handala," a group that calls itself a pro-Palestine hacktivist group, said it was ready to help with the US-Iran war. It's actually a cover for Void Manticore, an advanced persistent threat (APT) that the Iranian Ministry of Intelligence and Security (MOIS) runs.

Shykevich says, for instance, "MuddyWater is not very advanced on a technical level."

Sending phishing emails and using remote monitoring and management (RMM) tools are the main things they do every day. They do have some malware, but none of it is new or cutting-edge. So in this case, it's not surprising that it's easier for them to pay $500 for a specific loader or certificates or whatever than to spend a year making some malware.

"Buying instead of building will be more appealing to Iranian APTs during wartime, when resources are limited and the need to cause more and more destruction is at an all-time high." "Some of the Iranian actors are now desperate to some degree, and we see in some cases that their operational security is much lower," Shykevich says.