Two Israeli organizations have been targeted by Iranian state-backed threat operation MuddyWater, also known as Mango Sandstorm and Static Kitten, in a new spear-phishing campaign that distributed N-able's Advanced Monitoring Agent remote administration tool, according to The Hacker News.
MuddyWater's latest campaign, which resembled the group's previous attacks deploying other remote access tools, involved phishing emails that used an official Israeli Civil Service Commission memo as a lure. The emails redirected targets to an archive hosted on the new Storyblok file-sharing service; the archive contained an infection-initiating LNK file, an executable that launches Advanced Monitoring Agent, and hidden files, a report from Deep Instinct revealed.
"After the victim has been infected, the MuddyWater operator will connect to the infected host using the legitimate remote administration tool and will start doing reconnaissance on the target," said Deep Instinct.
MuddyWater has also been observed using the new MuddyC2Go command-and-control framework in its latest campaign, indicating the continuously advancing cyber capabilities of Iran.
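The lure archive layout described above (a LNK launcher, an RMM agent executable and hidden files) is something a mail gateway or sandbox can screen for. The triage function below is an added example, not code from Deep Instinct or the report; it assumes the archive is a zip container and uses constructed file names, since the report names neither.

```python
"""Flag archives that match the lure layout described in the report:
a .lnk launcher, an executable (here standing in for the RMM agent
installer) and entries carrying the MS-DOS hidden attribute.
Added example; zip container and file names are assumptions."""
import io
import zipfile

HIDDEN_ATTR = 0x02  # MS-DOS hidden bit, stored in the low byte of external_attr
EXEC_SUFFIXES = (".exe", ".msi", ".dll")


def triage_archive(data: bytes) -> dict:
    """Return the indicators found in an in-memory zip archive."""
    lnk, executables, hidden = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            lowered = name.lower()
            if lowered.endswith(".lnk"):
                lnk.append(name)
            if lowered.endswith(EXEC_SUFFIXES):
                executables.append(name)
            if (info.external_attr & 0xFF) & HIDDEN_ATTR:
                hidden.append(name)
    # A shortcut sitting next to an executable is the core of the lure;
    # hidden entries raise confidence but are not required to flag.
    suspicious = bool(lnk) and bool(executables)
    return {"lnk": lnk, "executables": executables,
            "hidden": hidden, "suspicious": suspicious}


def build_lure_archive() -> bytes:
    """Constructed sample mimicking the described layout (hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("memo.pdf.lnk", b"stub lnk bytes")
        zf.writestr("agent/installer.exe", b"stub executable bytes")
        hidden_entry = zipfile.ZipInfo("data/config.dat")
        hidden_entry.external_attr = HIDDEN_ATTR  # mark as hidden on extraction
        zf.writestr(hidden_entry, b"stub config bytes")
    return buf.getvalue()


def build_benign_archive() -> bytes:
    """Constructed control sample: a plain document, nothing to flag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("memo.pdf", b"stub pdf bytes")
    return buf.getvalue()
```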
Change Healthcare attack linked to state-backed threat actors

Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, its parent firm UnitedHealth Group said, TechCrunch reports.