December 9, 2022 | Ravie Lakshmanan | Threat Intelligence / Cyber Attack

The Iran-linked MuddyWater group has been observed targeting several countries in the Middle East, Central Asia and West Asia as part of a new spear-phishing campaign.

“This campaign has been confirmed to target Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan and the United Arab Emirates,” Deep Instinct researcher Simon Kenin said in a technical write-up.

MuddyWater, also tracked as Boggy Serpens, Cobalt Ulster, Earth Vetala, Mercury, Seedworm, Static Kitten and TEMP.Zagros, is assessed to be a sub-element within Iran’s Ministry of Information Security (MOIS).

Active since at least 2017, the espionage group typically targets the telecommunications, government, defense and oil sectors.


The current intrusion set follows MuddyWater’s long-standing tactic: phishing lures carrying document attachments that embed direct Dropbox links, or URLs pointing to ZIP archives.

The messages are sent from corporate email accounts that have already been compromised. Such accounts are put up for sale on darknet webmail shops such as Xleet, Odin, Xmina and Lufix for $8 to $25 per account.

The archive files previously contained installers for legitimate remote-access tools such as ScreenConnect and RemoteUtilities, but in July 2022 the attackers were observed quietly switching to the Atera Agent.

In a further sign that the campaign is being actively maintained and updated, the tactics have been tweaked once more: the lures now deliver another remote management tool, Syncro.

This integrated MSP software gives full control of the machine, allowing adversaries to conduct reconnaissance, deploy additional backdoors and even sell access to other actors.
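The defensive takeaway from the chain described above (mail with archive link, archive with a legitimate RMM installer, RMM agent executed by the user) is that the tool itself is benign, so detection has to key on context: which RMM family is running, where it was launched from, and what launched it. The following is an added example written for this page, not code from the article or from Deep Instinct. It parses Sysmon-style process-creation events and flags RMM agents that are either not on the organisation's approved list, or run from a user-writable path, or were started interactively or by an archive utility. The event format, the binary-name patterns, the sample log lines and the assumption that ScreenConnect is the only sanctioned product are all constructed for the example.

```python
import json
import re
from typing import Dict, List, Optional

# Remote management tool families named in the article. The patterns are
# assumed substrings of the agent/installer image name (lower-cased).
RMM_FAMILIES: Dict[str, "re.Pattern[str]"] = {
    "ScreenConnect": re.compile(r"screenconnect"),
    "RemoteUtilities": re.compile(r"remoteutilities|rutserv"),
    "Atera": re.compile(r"atera"),
    "Syncro": re.compile(r"syncro"),
}

# Assumption for this example: the organisation has sanctioned exactly one
# RMM product; anything else is unexpected on an endpoint.
APPROVED_FAMILIES = {"ScreenConnect"}

# Locations a phishing victim would extract or download into. A sanctioned
# agent is normally installed by a deployment tool under Program Files.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(downloads|appdata|desktop)\\|\\temp\\"
)

# Parents that indicate an interactive double-click or an archive extraction
# rather than a service-based install.
INTERACTIVE_PARENTS = {
    "winrar.exe", "7zfm.exe", "7zg.exe", "outlook.exe",
    "explorer.exe", "chrome.exe", "msedge.exe",
}


def classify(event: dict) -> Optional[dict]:
    """Return an alert dict for a process-creation event, or None if benign."""
    image = event.get("Image", "")
    low = image.lower()
    family = next((f for f, pat in RMM_FAMILIES.items() if pat.search(low)), None)
    if family is None:
        return None  # not an RMM binary at all

    reasons: List[str] = []
    if family not in APPROVED_FAMILIES:
        reasons.append(f"unapproved RMM family {family}")
    if USER_WRITABLE.search(low):
        reasons.append("executed from a user-writable location")
    parent = event.get("ParentImage", "").lower().rsplit("\\", 1)[-1]
    if parent in INTERACTIVE_PARENTS:
        reasons.append(f"launched by {parent}")

    if not reasons:
        return None  # approved product, installed the normal way
    return {
        "host": event.get("Computer"),
        "user": event.get("User"),
        "family": family,
        "image": image,
        "reasons": reasons,
    }


def analyze(lines: List[str]) -> List[dict]:
    """Run classify() over JSON-per-line events; only EventID 1 (process create)."""
    alerts: List[dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than crash the pipeline
        if event.get("EventID") != 1:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts


# Constructed sample events: one sanctioned ScreenConnect service, one Atera
# agent extracted by WinRAR into Temp, one Syncro installer run from Downloads,
# one unrelated process, and one network event that should be ignored.
SAMPLE_LOG = r"""
{"EventID": 1, "Computer": "WS-014", "User": "CORP\\jdoe", "Image": "C:\\Program Files (x86)\\ScreenConnect Client (abc)\\ScreenConnect.ClientService.exe", "ParentImage": "C:\\Windows\\System32\\services.exe"}
{"EventID": 1, "Computer": "WS-014", "User": "CORP\\jdoe", "Image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\Rar$EXa0.123\\AteraAgent.exe", "ParentImage": "C:\\Program Files\\WinRAR\\WinRAR.exe"}
{"EventID": 1, "Computer": "WS-022", "User": "CORP\\asmith", "Image": "C:\\Users\\asmith\\Downloads\\SyncroSetup.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 1, "Computer": "WS-022", "User": "CORP\\asmith", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe"}
{"EventID": 3, "Computer": "WS-022", "Image": "C:\\Users\\asmith\\Downloads\\SyncroSetup.exe", "DestinationIp": "203.0.113.10"}
"""

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG.splitlines()):
        print(f"{a['host']} {a['user']}: {a['family']} -> {'; '.join(a['reasons'])}")
```

The sanctioned agent produces no alert because it matches an approved family, lives under Program Files and is started by the service control manager; the two lure-delivered agents each trip all three checks. In production the approved list and install paths come from asset inventory, and a second rule on EventID 3 (network connections from the same images) catches agents that were renamed before execution.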

“An attacker who gains access to corporate machines through such functionality has almost limitless options,” said Kenin.

The findings follow Deep Instinct’s discovery of a new malware component used by a Lebanon-based group tracked as Polonium in attacks aimed solely at Israeli organizations.

“Polonium is coordinating its operations with multiple tracked adversary groups affiliated with Iran’s Ministry of Information and Security (MOIS), based on victim overlap and common techniques and tools,” Microsoft noted in June 2022.
