What is MuddyWater?
Microsoft security researchers released an advisory and said on Thursday that they assessed, with high confidence, that MERCURY’s observed operations were linked with Iran’s Ministry of Intelligence and Security (MOIS).
On July 23 and 25, 2022, MERCURY was found using exploits against a vulnerable SysAid Server as its initial access vector. Based on observations from earlier campaigns and vulnerabilities found in victim environments, the researchers assessed that the exploits used were most probably related to Log4j 2.
Microsoft links attack to Iranian Hackers
Microsoft said it assesses with moderate confidence that MERCURY exploited remote code execution vulnerabilities in Apache Log4j 2 (also referred to as “Log4Shell”) in vulnerable SysAid Server instances the targets were running. MERCURY has used Log4j 2 exploits in past campaigns as well.
MSTIC assesses with high confidence that MERCURY is coordinatin
[…]