Iranian APT MuddyWater Targets Turkish Public and Government Entities

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents


Cisco Talos has discovered a new malicious campaign by the MuddyWater threat group targeting Turkish public and government entities, including the Scientific and Technological Research Council of Turkey (Tubitak).
According to the technical details, the campaign uses malicious Excel documents (XLS maldocs), executables hosted on the file-hosting domain “snapfile[.]org”, and PDFs as the initial infection vector. The PDFs were designed to look like legitimate documents sent by Turkish health and other officials.
“This campaign utilizes malicious PDFs, XLS files, and Windows executables to deploy malicious PowerShell-based downloaders acting as initial footholds into the target’s enterprise,” Cisco Talos researchers Asheer Malhotra and Vitor Ventura reported. 
Known for its attacks in the Middle East, the MuddyWater Advanced Persistent Threat (APT) group is also tracked as Static Kitten, Seedworm, and Mercury. The group has been active since at least 2017. It has also attacked many entities in Central and Southwest Asia, as well as numerous government and privately owned organizations in Asia, Europe, and North America.
The group additionally targets the telecommunications, cryptocurrency, oil, and airline industries. The Talos research unit notes that the group relies on typical TTPs, with heavy use of scripting in their infection chai

[…]