Iranian state-sponsored threat group MuddyWater, also known as TEMP.Zagros, Boggy Serpens, Mercury, Earth Vetala, Cobalt Ulster, Seedworm, and Static Kitten, has targeted Israel, Iraq, Egypt, Armenia, Qatar, Oman, Jordan, Azerbaijan, Tajikistan, and the United Arab Emirates in its latest spear-phishing attacks, The Hacker News reports.
MuddyWater has leveraged Dropbox links or document attachments with a URL redirecting to a ZIP archive file as lures in its campaign, which also involved the use of compromised corporate email accounts, a Deep Instinct report showed. Attackers have also transitioned to Atera Agent after using installers for Remote Utilities and ScreenConnect in their archive files.
Moreover, recent updates to the campaign have enabled the delivery of the Syncro remote administration tool, which could give attackers total control of a machine, facilitating reconnaissance, delivery of additional backdoors, and the sale of access to other threat actors.
"A threat actor that has access to a corporate machine via such capabilities has nearly limitless options," said Deep Instinct researcher Simon Kenin.
New MuddyWater spear-phishing campaign hits several Asian countries