Carding Forum
Professional
- Messages
- 2,788
- Reaction score
- 1,177
- Points
- 113
What can a fresh backdoor targeting Israeli companies do?
Researchers at Check Point reported that the Iranian hacker group MuddyWater has stepped up its attacks on Israel using a previously undocumented backdoor called BugSleep.
Cybercriminals from MuddyWater often use phishing campaigns from compromised corporate email accounts, which leads to the installation of legitimate remote management tools such as Atera Agent and Screen Connect.
Check Point has been tracking MuddyWater's activities since 2019. Experts say that since October 2023, the group's attacks on Israel have increased significantly. Along with phishing campaigns aimed at installing remote management tools, hackers have recently started using a new BugSleep backdoor designed to attack Israeli organizations.
BugSleep was first seen in phishing baits in May of this year. Check Point researchers have discovered several versions of this malware at once. Apparently, the malware is currently under development, and the differences between the versions mainly relate to improving the functionality and eliminating errors.
The campaigns identified by the experts target various sectors, including governments, travel agencies, and journalists. The main target of hackers is Israeli companies, but organizations in Turkey, Saudi Arabia, India and Portugal are also attacked.
All industries attacked by hackers from February to June 2024
Since February of this year, Check Point specialists have detected more than 50 phishing emails targeting more than 10 sectors, including municipalities, journalists, and healthcare. The latest attack was aimed at Saudi and Israeli organizations: in the first case, the goal was to introduce a remote management tool, and in the second, the BugSleep backdoor.
The campaigns reviewed by the researchers reflect MuddyWater's interests, focusing on specific sectors such as airlines and media. Decoys have become easier since the beginning of the group's activities and have recently started to include unique malware developed by hackers. In addition, with the shift to more generic baits and increased use of the English language, the group was able to focus on a larger volume of attacks, rather than on specific narrowly targeted targets.
The evolution of cyber threats requires constant vigilance and adaptation of security measures. The growing complexity of hacker groups ' tactics, the development of new malware, and the expansion of the geography of attacks emphasize the need for international cooperation in the field of cybersecurity.
Organizations in all sectors should focus on employee training, security updates, and threat intelligence sharing to counter the growing sophistication of cyberattacks.
Source
Researchers at Check Point reported that the Iranian hacker group MuddyWater has stepped up its attacks on Israel using a previously undocumented backdoor called BugSleep.
Cybercriminals from MuddyWater often use phishing campaigns from compromised corporate email accounts, which leads to the installation of legitimate remote management tools such as Atera Agent and Screen Connect.
Check Point has been tracking MuddyWater's activities since 2019. Experts say that since October 2023, the group's attacks on Israel have increased significantly. Along with phishing campaigns aimed at installing remote management tools, hackers have recently started using a new BugSleep backdoor designed to attack Israeli organizations.
BugSleep was first seen in phishing baits in May of this year. Check Point researchers have discovered several versions of this malware at once. Apparently, the malware is currently under development, and the differences between the versions mainly relate to improving the functionality and eliminating errors.
The campaigns identified by the experts target various sectors, including governments, travel agencies, and journalists. The main target of hackers is Israeli companies, but organizations in Turkey, Saudi Arabia, India and Portugal are also attacked.
All industries attacked by hackers from February to June 2024
Since February of this year, Check Point specialists have detected more than 50 phishing emails targeting more than 10 sectors, including municipalities, journalists, and healthcare. The latest attack was aimed at Saudi and Israeli organizations: in the first case, the goal was to introduce a remote management tool, and in the second, the BugSleep backdoor.
The campaigns reviewed by the researchers reflect MuddyWater's interests, focusing on specific sectors such as airlines and media. Decoys have become easier since the beginning of the group's activities and have recently started to include unique malware developed by hackers. In addition, with the shift to more generic baits and increased use of the English language, the group was able to focus on a larger volume of attacks, rather than on specific narrowly targeted targets.
The evolution of cyber threats requires constant vigilance and adaptation of security measures. The growing complexity of hacker groups ' tactics, the development of new malware, and the expansion of the geography of attacks emphasize the need for international cooperation in the field of cybersecurity.
Organizations in all sectors should focus on employee training, security updates, and threat intelligence sharing to counter the growing sophistication of cyberattacks.
Source
