{"id":220589,"date":"2026-03-05T13:53:00","date_gmt":"2026-03-05T18:53:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/05\/iran-intelligence-backdoored-us-bank-airport-networks-the-register\/"},"modified":"2026-03-06T09:10:12","modified_gmt":"2026-03-06T14:10:12","slug":"iran-intelligence-backdoored-us-bank-airport-networks-the-register","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/05\/iran-intelligence-backdoored-us-bank-airport-networks-the-register\/","title":{"rendered":"Iran intelligence backdoored US bank, airport networks \u2022 The Register"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/05\/mudywater_backdoor_us_networks\/\">Iran intelligence backdoored US bank, airport networks \u2022 The Register<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/05\/mudywater_backdoor_us_networks\/\">https:\/\/www.theregister.com\/2026\/03\/05\/mudywater_backdoor_us_networks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-05 13:53:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p>An Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS) has been embedded in multiple US companies&#8217; networks &#8211; including a bank, software firm, and airport, among others &#8211; since the beginning of February, with more activity in the days following the US and Israeli military strikes, according to security researchers.<\/p>\n<p>Symantec and Carbon Black&#8217;s threat hunting team told The Register that they uncovered the network activity, plus a previously unknown backdoor, after a third-party shared indicators of compromise linked to MuddyWater (aka Seedworm, Static Kitten).<\/p>\n<p>The FBI, US Cybersecurity and Infrastructure Security Agency (CISA), and UK National Cyber Security Centre (NCSC) say MuddyWater is part of the Iranian Ministry of Intelligence and Security (MOIS), and has been carrying out cyber campaigns on behalf of the Iranian intel agency since approximately 2018.<\/p>\n<p>One of those indicators &#8220;led to this cluster of attacks and allowed us to discover additional malware,&#8221; Brigid O Gorman, senior intelligence analyst with the Symantec and Carbon Black Threat Hunter Team, told The Register.<\/p>\n<p>In addition to the bank, airport, and software firm, the affected organizations include non-governmental organizations in both the US and Canada, the security researchers said in a Thursday intelligence report. Plus, the compromised software company supplies its tech to defense and aerospace industries among others, and has a presence in Israel.\u00a0<\/p>\n<p>According to the researchers, the Israeli operation appears to be the primary target, and a new backdoor they named Dindoor was found on the Israeli location\u2019s networks, plus those belonging to the US bank and a Canadian nonprofit.<\/p>\n<p>Already having a presence on US and Israeli networks prior to the current hostilities beginning places the threat group in a potentially dangerous&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/2026\/03\/05\/mudywater_backdoor_us_networks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iran intelligence backdoored US bank, airport networks \u2022 The Register https:\/\/www.theregister.com\/2026\/03\/05\/mudywater_backdoor_us_networks\/ Publish Date: 2026-03-05 13:53:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":220590,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/regmedia.co.uk\/2026\/03\/02\/shutterstock_2726621377.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32],"class_list":["post-220589","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220589"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=220589"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220589\/revisions"}],"predecessor-version":[{"id":220591,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220589\/revisions\/220591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/220590"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=220589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=220589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=220589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}