MuddyWater, an Iranian threat actor, has used a novel command-and-control (C2) infrastructure known as DarkBeatC2 in its the most recent attack. This tool joins a list of previously used systems, including SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go.
In a recent technical study, Deep Instinct security researcher Simon Kenin stated that, despite periodic modifications in remote administration tools or changes in C2 frameworks, MuddyWater’s strategies consistently follow a pattern.
MuddyWater, also known as Boggy Serpens, Mango Sandstorm, and TA450, is linked to Iran’s Ministry of Intelligence and Security (MOIS) and has been operational since at least 2017. The group orchestrates spear-phishing attacks, which result in the installation authorised Remote Monitoring and Management (RMM) solutions on compromised systems.
Prior intelligence from Microsoft connects the group to another Iranian threat cluster known as Storm-1084 (also known as DarkBit), which has been involved in devastating wiper assaults against Israeli entities.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: