DarkBeatC2: Iran's MuddyWater Expands its Hacking Arsenal

Father

The group's shift toward abusing legitimate software makes it even stealthier and more dangerous.

Details of a new attack tool used by the Iranian hacker group MuddyWater, also tracked as Boggy Serpens, Mango Sandstorm and TA450, have been published. The group, linked to Iran's Ministry of Intelligence and Security, has recently brought a new command-and-control (C2) infrastructure, dubbed "DarkBeatC2", into its operations. It is the latest addition to the group's arsenal after tools such as SimpleHarm and MuddyC2Go.

According to Simon Kenin, a researcher at Deep Instinct, MuddyWater's methods remain largely unchanged even though the group periodically swaps out its remote administration tools and C2 frameworks.

Since 2017, the group has relied on targeted spear-phishing to deploy various remote monitoring and management (RMM) tools on compromised systems. Its operations have repeatedly had serious consequences, including destructive attacks on Israeli targets carried out together with other Iran-linked groups.

One of the latest campaigns recorded by the researchers used phishing emails carrying malicious URLs. In this attack the emails were sent from a compromised account belonging to an Israeli educational institution, which lent the sender an appearance of legitimacy and trust.

Besides the new DarkBeatC2 domain, the group has started using more elaborate methods to control infected systems, including PowerShell scripts and a technique for loading malicious libraries via the Windows registry.

Researchers at Palo Alto Networks noted that MuddyWater establishes persistence with Windows scheduled tasks: the task launches a legitimate executable, which loads the malicious DLL through DLL sideloading, and the payload then connects to the DarkBeatC2 domain.
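The chain described above (scheduled task, legitimate executable, sideloaded DLL) is easy to hunt for in endpoint telemetry. Below is an added example, not code from the article, Deep Instinct or Palo Alto Networks, that runs the check over a few constructed Sysmon-style records: process-creation events (EventID 1) and image-load events (EventID 7). It flags any DLL that carries the name of a common Windows library but is loaded from outside the system directories, and raises the severity when the loading process was started by the Task Scheduler or was registered with `schtasks /create`. The list of watched DLL names, the sample events and the file paths are all assumptions made up for the example; the DarkBeatC2 domain is not known from the article and is not used here.

```python
"""Hunt for scheduled-task persistence chained with DLL sideloading (added example)."""
import ntpath
import re
from dataclasses import dataclass

# Directories Windows normally loads its own DLLs from (lower-case for comparison).
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\winsxs\\",
)
# Hypothetical watch list: names of legitimate Windows DLLs that are commonly
# sideloaded by dropping a malicious copy next to a signed executable.
WINDOWS_DLL_NAMES = {"version.dll", "dwmapi.dll", "wininet.dll", "cryptsp.dll", "uxtheme.dll"}
# Parent images that indicate a process was started by the Task Scheduler service.
TASK_SCHEDULER_HOSTS = {"svchost.exe", "taskeng.exe"}


@dataclass
class Event:
    """Minimal Sysmon-like record: EventID 1 (process create) or 7 (image load)."""
    event_id: int
    pid: int
    image: str               # the process that was created / that loaded the DLL
    parent_image: str = ""   # EventID 1 only
    image_loaded: str = ""   # EventID 7 only: full path of the loaded DLL
    command_line: str = ""   # EventID 1 only


def is_sideload_candidate(dll_path: str) -> bool:
    """A known Windows DLL name loaded from a non-system directory."""
    p = dll_path.lower()
    return ntpath.basename(p) in WINDOWS_DLL_NAMES and not p.startswith(TRUSTED_DLL_DIRS)


# Extracts the /tr (task run) argument of schtasks, quoted or bare.
_TASK_RUN_RE = re.compile(r'/tr\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)


def scheduled_task_targets(events):
    """Executables registered for persistence with `schtasks /create`."""
    targets = set()
    for e in events:
        if e.event_id != 1 or ntpath.basename(e.image.lower()) != "schtasks.exe":
            continue
        if "/create" not in e.command_line.lower():
            continue
        m = _TASK_RUN_RE.search(e.command_line)
        if m:
            targets.add((m.group(1) or m.group(2)).lower())
    return targets


def find_sideload_chains(events):
    """Return one finding per sideload candidate, scored by how much of the chain is present."""
    procs = {e.pid: e for e in events if e.event_id == 1}
    task_targets = scheduled_task_targets(events)
    findings = []
    for e in events:
        if e.event_id != 7 or not is_sideload_candidate(e.image_loaded):
            continue
        reasons = ["Windows DLL name loaded outside the system directories"]
        proc = procs.get(e.pid)
        if proc and ntpath.basename(proc.parent_image.lower()) in TASK_SCHEDULER_HOSTS:
            reasons.append("loading process was started by the Task Scheduler")
        if e.image.lower() in task_targets:
            reasons.append("loading executable was registered with schtasks /create")
        findings.append({"pid": e.pid, "image": e.image, "dll": e.image_loaded,
                         "severity": len(reasons), "reasons": reasons})
    return findings


# Constructed sample telemetry (not real logs): a persistence task pointing at a
# legitimate-looking executable in AppData, which later sideloads version.dll.
SAMPLE_EVENTS = [
    Event(1, 1001, r"C:\Windows\System32\schtasks.exe", r"C:\Windows\System32\cmd.exe",
          command_line=r'schtasks /create /tn "Updater" /tr "C:\Users\alice\AppData\Roaming\Updater\legit.exe" /sc minute /mo 5'),
    Event(1, 2002, r"C:\Users\alice\AppData\Roaming\Updater\legit.exe", r"C:\Windows\System32\svchost.exe"),
    Event(7, 2002, r"C:\Users\alice\AppData\Roaming\Updater\legit.exe",
          image_loaded=r"C:\Users\alice\AppData\Roaming\Updater\version.dll"),
    Event(7, 2002, r"C:\Users\alice\AppData\Roaming\Updater\legit.exe",
          image_loaded=r"C:\Windows\System32\kernel32.dll"),
    # A vendor application shipping its own version.dll: flagged, but low severity.
    Event(1, 3003, r"C:\Program Files\Vendor\app.exe", r"C:\Windows\explorer.exe"),
    Event(7, 3003, r"C:\Program Files\Vendor\app.exe",
          image_loaded=r"C:\Program Files\Vendor\version.dll"),
]

if __name__ == "__main__":
    for f in find_sideload_chains(SAMPLE_EVENTS):
        print(f"pid={f['pid']} severity={f['severity']} dll={f['dll']}")
        for r in f["reasons"]:
            print("   -", r)
```

The severity score is deliberately simple: a lone sideload candidate is worth a look, but the combination with a Task Scheduler parent and a matching `schtasks /create` is the full pattern attributed to the group above. In production the same logic would consume Sysmon or EDR events and the DLL watch list would be much longer.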

At the end of last month it also emerged that, once inside a target network, MuddyWater prefers legitimate software on compromised hosts (such as the RMM tools mentioned above) over custom malware, in order to stay undetected for as long as possible.

Despite constant changes in tactics and tooling, groups such as MuddyWater continue to threaten hundreds of organizations. Employee awareness and vigilance, together with continuous improvement of defensive measures, remain an effective barrier against them.