Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa

December 19, 2023 at 07:15AM

MuddyWater, an Iranian cyber espionage group affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has used a new command-and-control framework called MuddyC2Go in attacks on telecommunications sectors in Egypt, Sudan, and Tanzania. Symantec’s Threat Hunter Team, tracking the group as Seedworm, has observed the group’s use of various tools and tactics in its attacks. Additionally, an Israel-linked group called Gonjeshke Darande claimed responsibility for disrupting gas pumps throughout Iran in response to regional aggression.

The key takeaways from the report are:

1. The Iranian nation-state actor MuddyWater has utilized a newly discovered command-and-control (C2) framework called MuddyC2Go in cyber attacks on the telecommunications sector in Egypt, Sudan, and Tanzania.

2. MuddyWater is linked to Iran’s Ministry of Intelligence and Security (MOIS) and has been active since at least 2017, primarily targeting entities in the Middle East.

3. Symantec Threat Hunter Team is tracking the activity under the name Seedworm and has noted the group’s use of MuddyC2Go, alongside other tools like SimpleHelp, Venom Proxy, and a custom keylogger, indicating a complex and evolving attack methodology.

4. The group has been known to weaponize phishing emails and exploit known vulnerabilities in unpatched applications for initial access, followed by reconnaissance, lateral movement, and data collection.

5. Separately, the report mentions the disruptive cyber attack claimed by the Israel-linked group Gonjeshke Darande, targeting gas pumps in Iran in response to the “aggression of the Islamic Republic and its proxies in the region.”

6. Symantec highlighted the group’s continued innovation and development of its toolset, emphasizing the need for organizations to be aware of suspicious use of PowerShell on their networks.

These takeaways highlight the evolving nature of cyber threats and the need for vigilance and proactive defense measures within the telecommunications and related sectors.