Iran intelligence backdoored US bank, airport networks • The Register
https://www.theregister.com/2026/03/05/mudywater_backdoor_us_networks/
Publish Date: 2026-03-05 13:53:00
Source Domain: www.theregister.com
An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies’ networks – including a bank, software firm, and airport, among others – since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers.
Symantec and Carbon Black’s threat hunting team told The Register that they uncovered the network activity, plus a previously unknown backdoor, after a third party shared indicators of compromise linked to MuddyWater (aka Seedworm, Static Kitten).
The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and UK National Cyber Security Centre (NCSC) say MuddyWater is part of the Iranian Ministry of Intelligence and Security (MOIS), and has been carrying out cyber campaigns on behalf of the Iranian intel agency since approximately 2018.
One of those indicators “led to this cluster of attacks and allowed us to discover additional malware,” Brigid O Gorman, senior intelligence analyst with the Symantec and Carbon Black Threat Hunter Team, told The Register.
In addition to the bank, airport, and software firm, the affected organizations include non-governmental organizations in both the US and Canada, the security researchers said in a Thursday intelligence report. Plus, the compromised software company supplies its tech to defense and aerospace industries among others, and has a presence in Israel.
According to the researchers, the Israeli operation appears to be the primary target, and a new backdoor they named Dindoor was found on the Israeli location’s networks, plus those belonging to the US bank and a Canadian nonprofit.
Already having a presence on US and Israeli networks prior to the current hostilities beginning places the threat group in a potentially dangerous…