• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

CISA Issues MuddyWater Warning

You are here: Home / General Cyber Security News / CISA Issues MuddyWater Warning
February 25, 2022

Authorities in the UK and United States have issued an alert regarding a team of Iranian federal government-sponsored state-of-the-art persistent risk (APT) actors known as MuddyWater.

The actors, who are also identified as Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, have been observed conducting cyber espionage and other destructive cyber functions in Asia, Africa, Europe and North The usa.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


A joint alert issued on Thursday by CISA, the FBI, NSA, US Cyber Command Cyber Countrywide Mission Force and the UK’s Countrywide Cyber Security Centre, warned that MuddyWater has been concentrating on a array of government and private sector organizations across multiple industries which includes telecommunications, protection, regional federal government and oil and purely natural gas.

Given that approximately 2018, MuddyWater has carried out wide cyber strategies less than the auspices of the Iranian Ministry of Intelligence and Security (MOIS), furnishing stolen knowledge and accesses both to the Iranian government and other destructive cyber actors.

“MuddyWater actors are recognized to exploit publicly documented vulnerabilities and use open-resource equipment and strategies to acquire entry to sensitive data on victims’ devices and deploy ransomware,” states the inform. 

“These actors also maintain persistence on target networks via ways such as facet-loading dynamic hyperlink libraries (DLLs) – to trick authentic applications into working malware – and obfuscating PowerShell scripts to conceal command and handle (C2) functions.”

Not long ago, MuddyWater actors have been noticed utilizing various malware sets including PowGoop, Little Sieve, Cover/Starwhale, Mori and POWERSTATS for loading malware, backdoor accessibility, persistence and exfiltration.

The APT actors have also tried to obtain accessibility to sensitive govt and industrial networks as a result of a spearphishing campaign that coaxes victims into downloading ZIP documents. Target unwittingly download either an Excel file with a destructive macro that communicates with the actor’s C2 server or a PDF file that drops a malicious file on to the victim’s network.

James McQuiggan, security awareness advocate at KnowBe4, recommended email customers to “carry out a rapid checklist of ‘Do I know this particular person,’ ‘Am I expecting this email,’ ‘Is the ask for uncommon and contrary to the sender’ and ‘Is there a feeling of urgency’ to the request?”

He extra: “Answering these concerns unfavorably should really set off the user to examine the email a minimal closer and report to their IT or InfoSec teams.”


Some sections of this report are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News UK Announces New Measures to Tackle Online Trolls
Next Post: New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors new "sockdetour" fileless, socketless backdoor targets u.s. defense contractors»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • NightEagle APT Exploits Microsoft Exchange Flaw to Target China’s Military and Tech Sectors
  • Your AI Agents Might Be Leaking Data — Watch this Webinar to Learn How to Stop It
  • Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros
  • Google Ordered to Pay $314M for Misusing Android Users’ Cellular Data Without Permission
  • Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams
  • Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets
  • The Hidden Weaknesses in AI SOC Tools that No One Talks About
  • Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms
  • Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials
  • North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.