This cyber espionage group (MuddyWater) is believed to be outside of Iran and is known for targeting telecommunications providers and government agencies in the Middle East. The group has expanded its malware arsenal since its creation in 2017, or at least it is believed to have been active since that date. It is known for creating software to attack Android devices as well as new backdoor malware to spy on its targets, and it has also been discovered using false flag tactics to mislead investigators.

In addition, in its recent malicious activity, MuddyWater carried out campaigns in the Middle East and the surrounding areas in which it used the remote management tools ScreenConnect and RemoteUtilities. The Trend Micro researchers who discovered this threat called these intrusion tools Earth Vetala.

Earth Vetala uses emails with embedded links that point to legitimate file-sharing services, which are used to distribute malicious software packages. The links are embedded in decoy documents and emails, and the researchers noted that the strategies and techniques used in the two campaigns to distribute RemoteUtilities and ScreenConnect were roughly similar. They stated that the targets of the new campaign were primarily organizations located in Azerbaijan, Bahrain, Israel, Saudi Arabia and the United Arab Emirates.



By Truxgo
