Iran’s ‘Quick Sand’ cyberattack on Israel by ‘MuddyWater’ revealed
This is part of a cycle of reports about cyberwarfare in the Middle East that escalated in April.
By SETH J. FRANTZMANIran attempted to carry out a cyberattack on Israel, according various reports, including by Al Ain media in the Gulf. The attack is one of many recent reports about cyberattacks. In May, a cyberattack on Iran’s Shahid Rajaee Port was reported, and another attack on Iran’s ports was reported on October 19. In July, more media reports revealed Iranian cyberattacks on Israel’s water infrastructure.This is part of a cycle of reports about cyberwarfare in the Middle East that escalated in April. An Israeli Institute for National Security Studies report noted that Israel’s water system was attacked by Iran on April 24 and 25. Iranian government agencies were targeted in a cyberattack, according to reports, on October 14.On October 15, Clear Sky Cyber Security posted that “during September 2020, we identified a new campaign targeting many prominent Israeli organizations. The campaign was attributed to the Iranian threat actor ‘MuddyWater’ (also known as TEMP.Zagros, Static Kitten and Seedworm). MuddyWater was previously exposed as a contractor for the IRGC (Islamic Revolutionary Guard Corps).”Operation “Quick Sand” was also reported at a Farsi website and re-reported by Al Ain. This operation aimed to “sabotage infrastructure and vital institutions.” The IranWire website, which was one source of the details, also noted that Israel’s cyber companies Profero and ClearSky had identified hacks by the Muddy Water group to put malware into Israeli companies. This was linked to the IRGC.Calcalist wrote that “according to the report’s findings, the attack used malware aimed at encrypting computers and blocking users from accessing them, similarly to a ransomware only without demanding money... The Iranian hacker group, dubbed MuddyWater, used a relatively new tactic in order to penetrate the Israeli companies’ security systems. Hacking has been yet another front in the ongoing digital war between Israel and the West against the Iranian Revolutionary Guards over the past several years.”The Al-Ain story asserts that the incident shows that Iran has started a new round of cyberattacks. It is “similar to the attacks this summer against the facilities of the Israel’s national water carrier.” The report says that a 2012 attack on Saudi Aramco’s facility known as “Shamoon” was similar to “Quick Sand.” The attacks on Israel used phishing schemes by sending PDF or Excel files via email. These downloaded ransomware known as “Thanos.” Many companies in the Middle East have been affected by extortion related to these attacks, the report says.Iran also seeks to “harm Israeli institutions” by getting them to download malicious software through a vulnerability that then lead to encryption of work and disrupts the institutions. The report says Clear sky and Profero stopped the attacks. The scale of the attacks go far beyond Israel, including some seven percent of the total attacks this year. Some 30 companies have been targeted. Iran’s Ministry of Intelligence is involved as well.The reports of the attack comes as Iran has received sanctions relief from an arms embargo and conducted air defense drills this week. Iran has been seeking to show off its new technological abilities, such as radar, in recent months. This is part of Tehran’s boast about its ability to get around US sanctions and develop indigenous capabilities.