Skip to main content

Pentagon says Iran is behind MuddyWater hacking group

Iranian intelligence is behind a group of cyber-attackers that have targeted private and government organizations across the Middle East.
Nakasone cyber

The United States military identified Iranian intelligence as being behind a group of hackers widely known as MuddyWater on Wednesday, confirming previous reports by private cybersecurity groups.

MuddyWater has reportedly attacked both government and private enterprise networks in the Middle East, but has also targeted organizations in the United States.

The group, also believed to be known as Seedworm, Static Kitten, TEMP.Zagros and MERCURY, has reportedly targeted government, telecom and NGO organizations in Israel, Saudi Arabia, Turkey, Jordan, Iraq, the United Arab Emirates, Pakistan and Georgia as far back as 2017.

In September 2020, MuddyWater launched a broad ransomware campaign known as Operation Quick Sand targeting prominent Israeli organizations. The attack was identified by Israeli firm Clear Sky Cyber Security, and carried out in part via emailed PDF and Excel files.

“MuddyWater is a subordinate element within the Iranian Ministry of Intelligence and security,” Cyber Command said in a statement today.

The US agency also publicly identified a number of open-source tools used by Iranian intelligence, to help network operators identify possible Iranian attacks.

Iran has been engaged in a quiet cyberwar with its adversaries, particularly Israel and the United States. The conflict has heated up since the Donald Trump administration ramped up pressure on Tehran and walked out of the 2015 nuclear agreement in 2018.

In November, the US Department of Homeland Security, along with the UK and Australian governments, warned of widespread cyberattacks by the Iranian government. Some of the attacks targeted transportation networks and hospitals in the US, the DHS’s Cybersecurity and Infrastructure Security Agency said.

Washington’s top general, Chairman of the Joint Chiefs of Staff Gen. Mark Milley, said that month that the Pentagon’s systems are regularly hit with an “astronomical” number of attacks, though the overall success of Iranian cyberattacks on US targets remains unclear.

US Cyber Command adopted a new doctrine in 2018 known as “defend forward,” or preemptively disrupting cyberattacks on networks as far from the US homeland as possible.

“We’re in competition every day,” the head of the US National Security Agency, Gen. Paul Nakasone, said at the Aspen Security Forum in November. 

“We had a new strategy that said, Hey, we’re going to operate outside the United States, and we’re going to look for adversaries that might be trying to do us harm. We’re not going to just watch anymore.”

Join hundreds of Middle East professionals with Al-Monitor PRO.

Business and policy professionals use PRO to monitor the regional economy and improve their reports, memos and presentations. Try it for free and cancel anytime.

Already a Member? Sign in


The Middle East's Best Newsletters

Join over 50,000 readers who access our journalists dedicated newsletters, covering the top political, security, business and tech issues across the region each week.
Delivered straight to your inbox.


What's included:
Our Expertise

Free newsletters available:

  • The Takeaway & Week in Review
  • Middle East Minute (AM)
  • Daily Briefing (PM)
  • Business & Tech Briefing
  • Security Briefing
  • Gulf Briefing
  • Israel Briefing
  • Palestine Briefing
  • Turkey Briefing
  • Iraq Briefing

Premium Membership

Join the Middle East's most notable experts for premium memos, trend reports, live video Q&A, and intimate in-person events, each detailing exclusive insights on business and geopolitical trends shaping the region.

$25.00 / month
billed annually

Become Member Start with 1-week free trial
What's included:
Our Expertise AI-driven

Memos - premium analytical writing: actionable insights on markets and geopolitics.

Live Video Q&A - Hear from our top journalists and regional experts.

Special Events - Intimate in-person events with business & political VIPs.

Trend Reports - Deep dive analysis on market updates.

Text Alerts - Be the first to get breaking news, exclusives, and PRO content.

All premium Industry Newsletters - Monitor the Middle East's most important industries. Prioritize your target industries for weekly review:

  • Capital Markets & Private Equity
  • Venture Capital & Startups
  • Green Energy
  • Supply Chain
  • Sustainable Development
  • Leading Edge Technology
  • Oil & Gas
  • Real Estate & Construction
  • Banking

We also offer team plans. Please send an email to and we'll onboard your team.

Already a Member? Sign in

Start your PRO membership today.

Join the Middle East's top business and policy professionals to access exclusive PRO insights today.

Join Al-Monitor PRO Start with 1-week free trial