© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Iran threat group makes grand comeback, says analyst


The Iranian threat group MuddyWater has resurfaced – and it’s using new strategies to target countries in the Middle East and Central Asia, cyber analyst Vade warns.

Vade’s Chief Tech Officer Arien Gendre said the tactics, techniques, and procedures (TTP) it had observed over the past week entail “more innovative methods to bypass defenses like virus scanners and sandboxing to make it into users’ inboxes.”

MuddyWater is also using ZIP files to deliver payloads, a development that does not surprise Gendre in light of recent findings that these and RAR files have overtaken Office as the most popular way of sending malware to unsuspecting computer users.

“This reinforces the increased sophistication we’ve seen from threat actors in 2022,” said Gendre. “They’re developing more innovative methods to bypass defenses like virus scanners and sandboxing to make it into users’ inboxes. Second, we see MuddyWater using compromised corporate email accounts.”

Gendre adds that MuddyWater is using a legitimate-seeming email extension in the “from” field of scam messages used to send malware, increasing the chances of the victim falling for the deception.

Israel, Iraq, Egypt, Armenia, Qatar, Oman, Jordan, Azerbaijan, Tajikistan, and the United Arab Emirates have been targeted by MuddyWater, with Dropbox links or document attachments that use malicious URLs to steer victims toward the ZIP files.

MuddyWater has also compromised corporate email accounts to enable the delivery of the Syncro remote administration tool, allowing it to take control of a hijacked machine.

“While this may be a new tactic for MuddyWater, other threat actor groups such as Bat Loader have abused it in the past,” said Gendre. “It will be interesting to see how the TTPs of MuddyWater and other threat groups evolve in 2023, especially with the growing availability of AI tools and the increased abuse of archive files.”


More from Cybernews:

3.5m IP cameras exposed, with US in the lead

Eight men indicted for running “pump and dump” fraud scheme on Twitter and Discord

With new Tesla safety concerns, are we witnessing a rise of security hazards?

Royal ransomware: mysterious gang behind Silverstone Circuit attack

US Cybercrime index: which states suffer the most?

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are marked