Iranian Cyber Threat Group Drops New Backdoor, ‘BugSleep’

July 18, 2024 at 02:06AM MuddyWater, an Iranian cyber-espionage group, has shifted from using legitimate remote management software to deploying a custom backdoor implant known as BugSleep. This shift was prompted by the ineffectiveness of their previous approach. The group’s tactics involve phishing, deploying malicious PDFs, and targeting various government and critical industries in the …

Iran’s MuddyWater phishes Israeli orgs with custom BugSleep backdoor

July 16, 2024 at 08:09PM MuddyWater, an Iranian government-linked cyber espionage group, has enhanced its malware with a custom backdoor, targeting Israeli organizations. Utilizing phishing lures, the group sends emails with malicious links, infecting victim devices with BugSleep malware. The evolving tactics and wider targeting pose challenges for detection and increase the group’s potential impact. …

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

July 16, 2024 at 06:19AM Iranian threat actor MuddyWater has been using a new backdoor, diverging from its usual method of using legitimate remote monitoring and management (RMM) software. This was discovered by cybersecurity firms Check Point and Sekoia, who dubbed the malware BugSleep and MuddyRot. The attacks have targeted various countries and industries, with …

Iranian MuddyWater Hackers Adopt New C2 Tool ‘DarkBeatC2’ in Latest Campaign

April 12, 2024 at 06:15AM MuddyWater, an Iranian threat actor, has been linked to a new command-and-control (C2) infrastructure called DarkBeatC2. This comes after the deployment of various legitimate Remote Monitoring and Management (RMM) solutions in spear-phishing attacks. Additionally, Iranian threat actor Peach Sandstorm has been seen using a backdoor called FalseFont in attacks targeting …

Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks

March 25, 2024 at 04:39AM Iran-affiliated threat actor MuddyWater launches a new phishing campaign targeting Israeli entities. They aim to deliver a Remote Monitoring and Management solution called Atera through malicious links in emails and PDF attachments. Another Iranian group, Lord Nemesis, breaches a software services provider, leading to a software supply chain attack on …

Iranian ‘Seedworm’ Cyber Spies Target African Telcos & ISPs

December 20, 2023 at 12:33PM Iran-backed cyberespionage group Seedworm is targeting telecommunication organizations in North and East Africa, using tools like PowerShell, SimpleHelp, and Venom Proxy. Seedworm has been active since 2017 and has previously been linked to Iran’s MOIS. This group typically relies on spear-phishing emails containing various legitimate remote administration tools. Seedworm’s targets include government …

Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa

December 19, 2023 at 07:15AM MuddyWater, an Iranian cyber espionage group affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has used a new command-and-control framework called MuddyC2Go in attacks on telecommunications sectors in Egypt, Sudan, and Tanzania. Symantec’s Threat Hunter Team, tracking the group as Seedworm, has observed the group’s use of various tools …

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

November 9, 2023 at 06:39AM Iranian state-sponsored hacking group MuddyWater is using a new command-and-control framework called MuddyC2Go in attacks targeting Israel. The framework, written in the Go programming language, is believed to have been in use since early 2020. MuddyC2Go generates PowerShell payloads for post-exploitation activities, and experts recommend close monitoring of PowerShell activity. Key …

Iran’s MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

November 2, 2023 at 05:30AM MuddyWater, an Iranian nation-state actor, has launched a spear-phishing campaign targeting Israeli entities. This campaign deploys a legitimate remote administration tool from N-able called Advanced Monitoring Agent. While MuddyWater has previously used similar attack chains, this is the first time it has been observed using N-able’s software. The group is …

Iranian Hackers Lurked for 8 Months in Government Network

October 20, 2023 at 09:24AM Symantec’s cybersecurity unit, Broadcom, has reported that the Iran-linked hacking group Crambus spent eight months infiltrating a Middle Eastern government’s compromised network. Crambus, also known as APT34 and MuddyWater, conducted espionage operations on behalf of the Iranian government. The attackers deployed various malware, including a PowerShell backdoor called PowerExchange, and …