Iran-Based MuddyWater Attacks Israeli Companies

What is MuddyWater?

A threat actor from Iran named “MuddyWater” (tracked by Microsoft as MERCURY) has been exploiting Log4j 2 vulnerabilities in SysAid applications to attack organizations in Israel.

Microsoft security researchers released an advisory and said on Thursday that they assess with high confidence that MERCURY’s observed operations were linked to Iran’s Ministry of Intelligence and Security (MOIS).

On July 23 and 25, 2022, MERCURY was found using exploits against a vulnerable SysAid Server as its initial access vector. Based on observations from earlier campaigns and vulnerabilities found in victim environments, the researchers assessed that the exploits used were most probably related to Log4j 2.

Microsoft links attack to Iranian Hackers

Microsoft said it assesses with moderate confidence that MERCURY exploited remote code execution vulnerabilities in Apache Log4j 2 (also referred to as “Log4Shell”) in vulnerable SysAid Server instances the targets were running. MERCURY has used Log4j 2 exploits in past campaigns as well. 

MSTIC assesses with high confidence that MERCURY is coordinatin

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents