Threats Feed
MuddyWater Resurfaces: Cyber Attacks Target Turkey, Pakistan, and Tajikistan
A new cyber-espionage campaign, bearing similarities to the earlier MuddyWater attacks, is targeting government organizations and telecommunication companies in Turkey, Pakistan, and Tajikistan. The campaign uses spear-phishing tactics with malicious documents, leveraging social engineering to trick victims into enabling macros and activating payloads. Visual Basic and PowerShell scripts are used, with obfuscation techniques employed to evade detection. The attackers also use persistence methods and engage in system owner/user discovery, collecting system information and taking screenshots before sending this data to a command-and-control server.
MuddyWater Targets Middle East Using POWERSTATS Backdoor
The research team at Palo Alto Networks has discovered a group of targeted cyber-attacks against the Middle East region that occurred between February and October 2017, carried out by "MuddyWater". These attacks are espionage-related. The group used a PowerShell-based first-stage backdoor called "POWERSTATS", which evolved slowly over time, and targeted countries including the USA and India, as well as those within the Middle East like Saudi Arabia, Iraq, Israel, and the United Arab Emirates. The group also used GitHub to host its backdoor.
Continuing MuddyWater Phishing Campaign Targets Middle East and Pakistan
The MuddyWater group continues its cyber-espionage operations, using obfuscated PowerShell scripts embedded in Word documents to infiltrate systems. The documents masquerade as those of legitimate entities, such as the Federal Investigation Agency of Pakistan. The tactics include sophisticated obfuscation and careful reconnaissance, with the campaign focusing primarily on the Middle East and Pakistan. It deploys a range of tools and infrastructure, including C&C servers and proxies, and takes particular care to avoid detection by analysis tools.
Unveiling MuddyWater Phishing Campaign: Middle Eastern Governments in the Crosshairs
Entities in the Middle East, including Saudi Arabia and Iraq, were targeted by an early MuddyWater phishing campaign aimed predominantly at the government sector. Spear-phishing emails carrying malicious attachments were a key tactic, with PowerShell scripts being sourced from Pastebin and Filebin. To avoid detection, the attackers concealed their scripts. Examination of the macro code and command-and-control scripts revealed parallels with a campaign previously discussed by Morphisec.