MuddyWater – WindowsTechs.com

APT trends report Q3 2024

Posted on November 28, 2024 by GReAT

The report features the most significant developments relating to APT groups in Q3 2024, including hacktivist activity, new APT tools and campaigns. Continue reading APT trends report Q3 2024→

Iran’s MuddyWater APT targets Saudis and Israelis with BugSleep Backdoor

Posted on July 16, 2024 by Deeba Ahmed

New Backdoor ‘BugSleep’ Discovered in MuddyWater Phishing Attacks. Cybersecurity researchers uncover a custom-made backdoor used by the notorious… Continue reading Iran’s MuddyWater APT targets Saudis and Israelis with BugSleep Backdoor→

For more than five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. Continue reading APT trends report Q1 2023→

APT trends report Q1 2023

Posted on April 27, 2023 by GReAT

Israel blames prolific Iranian-linked hacking group for February university hack

Posted on March 8, 2023 by AJ Vicens

MuddyWater has been attacking targets around the world for years, according to the U.S. and other western governments.

The post Israel blames prolific Iranian-linked hacking group for February university hack appeared first on CyberScoop.

Continue reading Israel blames prolific Iranian-linked hacking group for February university hack→

FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group

Posted on February 24, 2022 by Tim Starks

U.S. and U.K. government agencies called out Iranian government-affiliated hackers Thursday, accusing them of being behind cyber-espionage targeting the defense, local government, oil and natural gas and telecommunications sectors across the globe. The joint alert points a finger at MuddyWater, which the U.S. government for the first time last month attributed directly to Tehran. In the latest warning, the government agencies said that they have observed MuddyWater on the move in Africa, Asia, Europe and North America since 2018. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” reads the alert. The bulletin is the joint work of the the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the U.S. Cyber Command Cyber National Mission Force and the U.K.’s National Cyber Security Centre. MuddyWater has a long history of allegedly spying on primarily […]

The post FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group appeared first on CyberScoop.

Continue reading FBI, CISA, Cyber Command take aim at cyber-espionage by Iran’s MuddyWater group→

U.S. Cyber Command shares new samples of suspected Iranian hacking software

Posted on January 12, 2022 by AJ Vicens

U.S. Cyber Command posted more than a dozen malware samples to a public repository Wednesday, saying that if network administrators see two or more of these samples on their systems, they may have been targeted by Iranian military hackers. The samples, posted to VirusTotal early Wednesday afternoon, represent various “open-source tools Iranian intelligence actors are using in networks around the world,” the military agency said in a statement. It’s Cyber Command’s first VirusTotal upload in nine months, according the the agency’s page on the site. Referring to the actors as “MuddyWater” — the moniker applied to some suspected Iranian government hacking activities dating back to at least 2015 — Cyber Command’s Cyber National Mission Force shared the samples “to better enable defense” against the attackers. Wednesday’s statement refers to MuddyWater as “a subordinate element” within the Iranian Ministry of Intelligence and Security (MOIS), an arm of the security apparatus focused on […]

The post U.S. Cyber Command shares new samples of suspected Iranian hacking software appeared first on CyberScoop.

Continue reading U.S. Cyber Command shares new samples of suspected Iranian hacking software→

Kaspersky Managed Detection and Response: interesting cases

Posted on December 15, 2021 by Petr Mareichev, Sergey Soldatov

Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, MuddyWater attack and LSASS credential dumping. Continue reading Kaspersky Managed Detection and Response: interesting cases→

Kaspersky Managed Detection and Response: interesting cases

Posted on December 15, 2021 by Petr Mareichev, Sergey Soldatov

Suspected espionage campaign targets telecoms, IT service firms in Middle East

Posted on December 14, 2021 by AJ Vicens

Hackers targeted a string of telecommunication operators and IT service organizations in the Middle East and Asia over the last six months, according to research published Tuesday. The suspected espionage activity targeted organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos, according to the research from Symantec’s Threat Hunter Team. The “targeting and tactics are consistent with Iranian-sponsored actors,” researchers noted, but stopped short of tying the activity to the Iranian government. Some of the evidence shows a link to Seedworm — otherwise known as MuddyWater — a prolific hacking group with suspected ties to Iran known for concerted espionage efforts dating back to at least 2015. The group previously threatened to kill security researchers who stumbled across one of its command-and-control servers. Its operators have also focused on academia and the tourism industry in multiple countries earlier this year, and governments and other […]

The post Suspected espionage campaign targets telecoms, IT service firms in Middle East appeared first on CyberScoop.

Continue reading Suspected espionage campaign targets telecoms, IT service firms in Middle East→