Iranian state hacker group linked to ransomware deployments

Security researchers said they found clues linking recent attacks with the Thanos ransomware to a group of Iranian state-sponsored hackers. While investigating security incidents at several Israeli prominent organizations, security researchers from ClearSky and Profero said they linked the intrusions Read More …

ZeroLogon: Ransomware gang now using critical Windows flaw in attacks

Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoing attacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September. This time, Read More …

MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools

We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed Read More …

I know what you did last summer, MuddyWater blending in the crowd

MuddyWater is an APT with a focus on governmental and telco targets in the Middle East (Iraq, Saudi Arabia, Bahrain, Jordan, Turkey and Lebanon) and also a few other countries in nearby regions (Azerbaijan, Pakistan and Afghanistan). MuddyWater first surfaced Read More …

New PowerShell-based Backdoor Found in Turkey, Strikingly Similar to MuddyWater Tools

MuddyWater is a well-known threat actor group that has been active since 2017. They target groups across Middle East and Central Asia, primarily using spear phishing emails with malicious attachments. Most recently they were connected to a campaign in March that Read More …