New MuddyWater spear-phishing campaign hits several Asian countries

Israel, Iraq, Egypt, Armenia, Qatar, Oman, Jordan, Azerbaijan, Tajikistan, and the United Arab Emirates have been targeted by the Iranian state-sponsored threat group MuddyWater, also known as TEMP.Zagros, Boggy Serpens, Mercury, Earth Vetala, Cobalt Ulster, Seedworm, and Static Kitten, in its latest spear-phishing attacks, The Hacker News reports. According to a Deep Instinct report, MuddyWater used Dropbox links, or document attachments containing a URL that redirects to a ZIP archive, as lures in the campaign, which also involved compromised corporate email accounts.

The attackers have also moved from bundling installers for Remote Utilities and ScreenConnect in their archive files to using the Atera Agent. More recent updates to the campaign deliver the Syncro remote administration tool, which could give the attackers complete control of a machine and facilitate reconnaissance, delivery of additional backdoors, and the sale of access to other threat actors. "A threat actor that has access to a corporate machine via such capabilities has nearly limitless options," said Deep Instinct researcher Simon Kenin.
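The chain described above (a file-sharing link to a ZIP archive, followed shortly afterwards by the installation of a remote administration tool on the recipient's machine) is one a defender can look for in email-gateway and endpoint telemetry. The script below is an added example written for this page; it is not code from SC Media, Deep Instinct, or the Hacker News report. The log format, the field names (`ts`, `type`, `user`, `urls`, `image`, `parent`), the sample events, the list of file-sharing hosts and the vendor keywords matched against process image paths are all assumptions made for the example; real installer file names for these products vary by vendor and version and should be taken from vendor documentation.

```python
import json
from datetime import datetime, timedelta
from urllib.parse import urlparse

# File-sharing hosts whose .zip links count as a possible archive lure.
# Assumption for this example: the report names Dropbox specifically.
FILE_SHARE_HOSTS = ("dropbox.com",)

# Keywords for the remote-administration tools named in the report.
# Matching substrings of the process image path is an assumption; real
# installer names differ per product version.
RMM_KEYWORDS = ("screenconnect", "remote utilities", "rutserv",
                "ateraagent", "atera", "syncro")

# Constructed sample telemetry (not from the report): email-gateway events
# and process-creation events in a simplified JSON-lines shape.
SAMPLE_LOG = r"""
{"ts": "2022-11-01T09:12:00", "type": "email", "user": "alice", "from": "partner@example-supplier.test", "urls": ["https://www.dropbox.com/s/abc123/invoice.zip?dl=1"]}
{"ts": "2022-11-01T09:40:00", "type": "process", "user": "alice", "image": "C:\\Users\\alice\\Downloads\\invoice\\screenconnect-installer.exe", "parent": "explorer.exe"}
{"ts": "2022-11-01T10:05:00", "type": "process", "user": "bob", "image": "C:\\Windows\\System32\\notepad.exe", "parent": "explorer.exe"}
{"ts": "2022-11-02T15:00:00", "type": "email", "user": "carol", "from": "hr@corp.test", "urls": ["https://intranet.corp.test/policy.pdf"]}
""".strip()


def parse_events(text: str) -> list:
    """Parse JSON lines into event dicts, converting the timestamp to datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def is_archive_lure(url: str) -> bool:
    """True when the URL points at a .zip hosted on a listed file-sharing service."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    on_share = any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS)
    return on_share and parsed.path.lower().endswith(".zip")


def is_rmm_installer(image: str) -> bool:
    """True when the process image path contains a known RMM vendor keyword."""
    lowered = image.lower()
    return any(k in lowered for k in RMM_KEYWORDS)


def find_suspicious_chains(events: list, window_hours: int = 24) -> list:
    """Correlate archive-lure emails with RMM installs by the same user
    inside the given window. Returns one record per matching pair."""
    window = timedelta(hours=window_hours)
    lures = [e for e in events
             if e["type"] == "email"
             and any(is_archive_lure(u) for u in e.get("urls", []))]
    installs = [e for e in events
                if e["type"] == "process" and is_rmm_installer(e["image"])]
    chains = []
    for mail in lures:
        for proc in installs:
            same_user = proc["user"] == mail["user"]
            in_window = mail["ts"] <= proc["ts"] <= mail["ts"] + window
            if same_user and in_window:
                chains.append({
                    "user": mail["user"],
                    "email_from": mail["from"],
                    "lure_ts": mail["ts"].isoformat(),
                    "installer": proc["image"],
                    "minutes_after_email": int((proc["ts"] - mail["ts"]).total_seconds() // 60),
                })
    return chains


if __name__ == "__main__":
    for hit in find_suspicious_chains(parse_events(SAMPLE_LOG)):
        print(json.dumps(hit))
```

Run on the constructed sample, the script reports the one user who received a Dropbox ZIP link and then launched an RMM installer within the window, and ignores the unrelated process and the intranet PDF link. In practice the same correlation is more useful when the lure list also covers redirector URLs that resolve to an archive, which needs URL-resolution data the simple hostname check here does not have.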
