APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Suspected Iranian hackers snooping on Middle Eastern targets anew

Hackers connected to Iran are on the loose again in the Middle East, instigating an apparent espionage campaign in five countries, Trend Micro said on Friday. The company concluded with moderate confidence that the MuddyWater hacking group, whose interests tend to align with the Iranian government’s, is behind the campaign. It’s an ongoing spearphishing effort aimed at government agencies, academia and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia and the United Arab Emirates, according to Trend Micro. The research confirms research from Anomali in February, and expands the range of named targets. MuddyWater has a history of going after Middle Eastern government agencies and academia along with a range of industries, and it has a reputation for persistent spy work. What’s different about this campaign, though, is that it doesn’t exhibit the usual competence MuddyWater has demonstrated, Trend Micro said. “While it possesses remote access capabilities, the attackers […]

The post Suspected Iranian hackers snooping on Middle Eastern targets anew appeared first on CyberScoop.

APT trends report Q3 2020

For more than three years, GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. This is our latest installment, focusing on activities that we observed during Q3 2020.

‘MuddyWater’ spies suspected in attacks against Middle East governments, telecoms

One of the most prolific cyber-espionage groups linked to Iran has used old tricks — and perhaps a new hacking tool — in dozens of attempts to breach government and telecommunications operators in the Middle East in recent months, security researchers said Wednesday. The hacking attempts have hit organizations in Iraq, Kuwait, Turkey and the United Arab Emirates, according to researchers at security provider Symantec. Iran has strategic interests in all of those countries. And the attackers appear to be trying to smuggle key data from the organizations they managed to breach. It’s a reminder that while other hacking teams associated with Tehran have gained notoriety for disruptive, data-wiping attacks against Middle East organizations, the group known as MuddyWater, or Seedworm, has been relentless in its spying efforts. “These actors are extremely focused in what they’re doing,” said Vikram Thakur, technical director at Symantec, a division of semiconductor and software maker Broadcom. “They’re not […]

The post ‘MuddyWater’ spies suspected in attacks against Middle East governments, telecoms appeared first on CyberScoop.

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.

Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing

Iran-linked hackers have been running spearphishing email campaigns against governmental organizations in Turkey, Jordan and Iraq in recent months in a likely effort to gather intelligence, according to research published Wednesday by Dell Secureworks. Most of the targeting, which Secureworks assesses to be focused on espionage, began before the U.S. military killed Qassem Soleimani, the leader of Iran’s Quds Force, in Baghdad in early January. But Alex Tilley, a senior researcher for Secureworks, told CyberScoop the spearphishing activity has increased since the killing. The research appears to align with information the FBI shared with industry in January, when it warned of an increase in Iranian “cyber reconnaissance activity.” The alert highlighted that Iranian hackers could be zeroing in on the defense industrial base, government agencies, academia and nongovernmental organizations. The campaign Secureworks’ Counter Threat Unit (CTU) has observed, with activity from mid-2019 to mid-January of 2020, has also targeted intergovernmental organizations and unknown entities in […]

The post Cyber-espionage campaign in Middle East, Europe picked up speed after Soleimani killing appeared first on CyberScoop.

Researchers uncover new MuddyWater targeting of government, telecommunications entities

Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday. The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security. The first stage uses lure documents to exploit a known vulnerability in Microsoft Office that allows for remote code execution. The second stage lets the attackers communicate with hacked servers to download an infected file. “This is the first time MuddyWater has used these two vectors in conjunction,” ClearSky said in its research, which warned that just three antivirus engines were detecting the malicious documents analyzed. In one example, a document disguised as a United Nations development plan for Tajikistan was actually packed with malware. The malware was uploaded to VirusTotal, the […]

The post Researchers uncover new MuddyWater targeting of government, telecommunications entities appeared first on CyberScoop.

Middle East-linked hacking group is working hard to mask its moves

A group that’s been linked to Iran-based hackers has been working to obfuscate its activities to evade detection, according to new research from Cisco’s Talos researchers. The hackers, whose attacks are ongoing, are working to avoid host-based signatures and YARA signatures by using a Visual Basic for Applications (VBA) script, PowerShell stager attacks, and a separate command and control server, researchers write in a blog post. In some cases the group, which Talos has dubbed “BlackWater,” has been successful in avoiding detection mechanisms. Some of the code the group has used in its attacks is the same as that used by a group known as MuddyWater. Talos writes that the code was used in attacks against Kurds in Turkey. This code overlap, and the fact that BlackWater and MuddyWater have had similar targets, including those in Turkey, lead Talos researchers to report that they have “moderate confidence” that the actors behind BlackWater […]

The post Middle East-linked hacking group is working hard to mask its moves appeared first on CyberScoop.
