The Cyber Security News
Iran-Based MuddyWater Targets Log4j 2 Vulnerabilities in SysAid Apps in Israel

August 26, 2022

Iran-based threat actor MuddyWater (tracked by Microsoft as MERCURY) has been exploiting Log4j 2 vulnerabilities in SysAid applications to target organizations in Israel.

The news comes from a new advisory by Microsoft’s security researchers, who said on Thursday they could assess with high confidence that MERCURY’s observed activity was affiliated with Iran’s Ministry of Intelligence and Security (MOIS).

“On July 23 and 25, 2022, MERCURY was observed using exploits against vulnerable SysAid Server instances as its initial access vector,” Microsoft wrote. “Based on observations from previous campaigns and vulnerabilities found in target environments, [we] assess that the exploits used were most likely related to Log4j 2.”


In fact, the novel campaign observed by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft 365 Defender Research Team differs from prior MERCURY campaigns in that it is the first one in which the group exploits SysAid applications as a vector for initial access.

“After gaining access, MERCURY establishes persistence, dumps credentials, and moves laterally within the targeted organization using both custom and well-known hacking tools, as well as built-in operating system tools for its hands-on-keyboard attack,” reads the advisory.

Microsoft also included a list of common techniques and tooling used by MERCURY, which include spearphishing, along with tools such as the Venom proxy tool, the Ligolo reverse tunneling tool and home-grown PowerShell programs.

Microsoft confirmed it notified customers that were targeted or compromised, providing them with the information needed to secure their accounts. The company has also provided a list of indicators of compromise (IOCs) linked to MERCURY’s activity.

“We encourage our customers to investigate these indicators in their environments and implement detections and protections to identify past related activity and prevent future attacks against their systems.”

Microsoft is not the first entity associating MERCURY with Iranian state actors. Earlier this year, both the U.K. and U.S. governments issued warnings connecting the group with the state’s MOIS.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
