New BugSleep malware implant deployed in MuddyWater attacks

July 15, 2024 at 02:32PM

The MuddyWater hacking group has developed a new custom-tailored malware implant called BugSleep. It is distributed through phishing emails disguised as invitations to webinars or online courses. Some variants are injected into the processes of several applications, and the implant is still under active development, which suggests a trial-and-error approach. MuddyWater has shifted to using BugSleep in place of legitimate remote management tools and targets a range of organizations worldwide.

Key points:
– The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant called BugSleep for stealing files and running commands on compromised systems.
– BugSleep is still actively being developed and is being distributed via well-crafted phishing lures, often disguised as invitations to webinars or online courses.
– The campaign pushes the malware via phishing emails redirecting the targets to archives containing malicious payloads hosted on the Egnyte secure file-sharing platform.
– Some versions found in the wild also come with a custom malware loader designed to inject it into the active processes of several apps.
– With the move to BugSleep, MuddyWater has shifted away from maintaining access to victims’ networks through legitimate remote management (RMM) tools such as Atera Agent and ScreenConnect.
– The attacks focus on a wide range of targets worldwide, from government organizations and municipalities to airlines and media outlets, with a particular focus on Israel and further targets in Turkey, Saudi Arabia, India, and Portugal.
– MuddyWater is known for targeting Middle Eastern entities, with a focus on Israeli targets, and has expanded its attacks to include cyber-espionage campaigns against government and defense entities in Central and Southwest Asia, as well as organizations in North America, Europe, and Asia.
– In January 2022, U.S. Cyber Command officially linked MuddyWater to Iran’s Ministry of Intelligence and Security, and a new Python backdoor called Small Sieve was exposed a month later.
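The delivery chain described above (a phishing email that leads the recipient to an archive hosted on the Egnyte file-sharing platform) leaves a trace in web-proxy logs that a defender can hunt for. The following is an added example, not code from the article or from any referenced vendor: it parses a constructed, space-separated proxy log format and flags successful downloads of archive files from file-sharing domains. The log layout, the user names, the URLs and the archive-extension list are all assumptions made for the example; the domain list would be tuned to the services actually used in a given environment.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample proxy log (not from the article). Fields:
# timestamp user method url status bytes
SAMPLE_PROXY_LOG = """\
2024-07-15T09:12:03Z alice GET https://intranet.example.local/home 200 5120
2024-07-15T09:14:41Z bob GET https://acme-training.egnyte.com/fl/AbCdEf123 302 0
2024-07-15T09:14:42Z bob GET https://acme-training.egnyte.com/dl/Webinar_Invitation.zip 200 1048576
2024-07-15T09:20:10Z carol GET https://cdn.example.com/static/app.js 200 20480
2024-07-15T09:31:55Z dave GET https://partner.egnyte.com/dl/Online_Course_Materials.rar 200 734003
2024-07-15T09:40:07Z erin GET https://example.egnyte.com/dl/report.pdf 200 90000
"""

# Assumed lists: archive types commonly used to wrap payloads, and the
# file-sharing domains worth watching (only Egnyte is named in the article).
ARCHIVE_EXTENSIONS = (".zip", ".rar", ".7z", ".iso", ".img")
FILE_SHARING_DOMAINS = ("egnyte.com",)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\d+)$")


@dataclass
class Alert:
    timestamp: str
    user: str
    url: str
    reason: str


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, method, url, status, size = m.groups()
    return {"timestamp": ts, "user": user, "method": method,
            "url": url, "status": int(status), "bytes": int(size)}


def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one (suffix match on a label boundary)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def find_archive_downloads(log_text):
    """Return an Alert for every completed (HTTP 200) archive download from a watched file-sharing host."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Skip unparseable lines and redirects/failed fetches; only a 200 means the file arrived.
        if rec is None or rec["status"] != 200:
            continue
        parsed = urlparse(rec["url"])
        host = parsed.hostname or ""
        path = parsed.path.lower()
        if host_matches(host, FILE_SHARING_DOMAINS) and path.endswith(ARCHIVE_EXTENSIONS):
            alerts.append(Alert(rec["timestamp"], rec["user"], rec["url"],
                                f"archive download from file-sharing host {host}"))
    return alerts


if __name__ == "__main__":
    for alert in find_archive_downloads(SAMPLE_PROXY_LOG):
        print(f"{alert.timestamp} {alert.user} {alert.url} :: {alert.reason}")
```

On the sample log this flags the two archive downloads (by bob and dave) and ignores the redirect that preceded bob's download, the PDF fetched from the same platform, and unrelated traffic. A hit is a lead for triage (who received the email, whether the archive was opened), not proof of compromise, since legitimate business use of file-sharing services produces the same pattern.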

