MuddyWater cyber campaign adds new backdoors in latest wave of attacks
ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running cyberespionage group, and new findings points to a campaign that hits a range of organizations in Israel, with one confirmed victim in Egypt.
Researchers say the victims in Israel were in the technology, engineering, manufacturing, local government and educational sectors. The group is also known as Mango Sandstorm and TA450, and ESET attributes it to the Ministry of Intelligence and National Security of Iran. The new investigation centers on a collection of custom tools that MuddyWater operators used to improve defense evasion and maintain persistence.
One of the main findings is a new backdoor that researchers calls MuddyViper. According to the researchers, it enables attackers to collect system information, execute files and shell commands, transfer files and exfiltrate Windows login credentials and browser data. The operators also deployed other credential stealers.
Read more at Help Net Security