Collaborate Disseminate
New Backdoor ‘BugSleep’ Discovered in MuddyWater Phishing Attacks. Cybersecurity researchers uncover a custom-made backdoor used by the notorious… Continue reading Iran’s MuddyWater APT targets Saudis and Israelis with BugSleep Backdoor
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2023
For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2023
MuddyWater has been attacking targets around the world for years, according to the U.S. and other western governments.
The post Israel blames prolific Iranian-linked hacking group for February university hack appeared first on CyberScoop.
Continue reading Israel blames prolific Iranian-linked hacking group for February university hack
U.S. and U.K. government agencies called out Iranian government-affiliated hackers Thursday, accusing them of being behind cyber-espionage targeting the defense, local government, oil and natural gas and telecommunications sectors across the globe. The joint alert points a finger at MuddyWater, which the U.S. government for the first time last month attributed directly to Tehran. In the latest warning, the government agencies said that they have observed MuddyWater on the move in Africa, Asia, Europe and North America since 2018. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” reads the alert. The bulletin is the joint work of the the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the U.S. Cyber Command Cyber National Mission Force and the U.K.’s National Cyber Security Centre. MuddyWater has a long history of allegedly spying on primarily […]
The post FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group appeared first on CyberScoop.
Continue reading FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group
U.S. Cyber Command posted more than a dozen malware samples to a public repository Wednesday, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers. The samples, posted to VirusTotal early Wednesday afternoon, represent various “open-source tools Iranian intelligence actors are using in networks around the world,” the military agency said in a statement. It’s Cyber Command’s first VirusTotal upload in nine months, according the the agency’s page on the site. Referring to the actors as “MuddyWater” — the moniker applied to some suspected Iranian government hacking activities dating back to at least 2015 — Cyber Command’s Cyber National Mission Force shared the samples “to better enable defense” against the attackers. Wednesday’s statement refers to MuddyWater as “a subordinate element” within the Iranian Ministry of Intelligence and Security (MOIS), an arm of the security apparatus focused on […]
The post U.S. Cyber Command shares new samples of suspected Iranian hacking software appeared first on CyberScoop.
Continue reading U.S. Cyber Command shares new samples of suspected Iranian hacking software
Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, MuddyWater attack and LSASS credential dumping. Continue reading Kaspersky Managed Detection and Response: interesting cases
Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, MuddyWater attack and LSASS credential dumping. Continue reading Kaspersky Managed Detection and Response: interesting cases
Hackers targeted a string of telecommunication operators and IT service organizations in the Middle East and Asia over the last six months, according to research published Tuesday. The suspected espionage activity targeted organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos, according to the research from Symantec’s Threat Hunter Team. The “targeting and tactics are consistent with Iranian-sponsored actors,” researchers noted, but stopped short of tying the activity to the Iranian government. Some of the evidence shows a link to Seedworm — otherwise known as MuddyWater — a prolific hacking group with suspected ties to Iran known for concerted espionage efforts dating back to at least 2015. The group previously threatened to kill security researchers who stumbled across one of its command-and-control servers. Its operators have also focused on academia and the tourism industry in multiple countries earlier this year, and governments and other […]
The post Suspected espionage campaign targets telecoms, IT service firms in Middle East appeared first on CyberScoop.
Continue reading Suspected espionage campaign targets telecoms, IT service firms in Middle East
This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2021