The MuddyWater APT Group Adds New Tools to Their Arsenal
Quote: The Iranian MuddyWater cyber-espionage group added new attack vectors to use as part of hacking campaigns targeting telecommunication and governmental organizations, according to an analysis from the Clearsky Security threat intelligence outfit.
 
This happened despite the advanced persistent threat (APT) group — or government-backed hacking group — having screenshots of their server backends and one of their command-and-control (C2) server's codebase leaked via a Telegram channel during early-May. 
 
MuddyWater actors have supplemented their tactics, techniques, and procedures (TTPs) with new decoy macro-powered Microsoft Word documents that drop payloads via compromised servers and new documents designed to leverage the tried-and-true CVE-2017-0199, also known as Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.
 
The documents which deliver VBA macros to the targets' computers will download a second stage malware payload camouflaged as JPG files from hacked servers located in the same countries as the potential victims. 

The ones designed to exploit CVE-2017-0199 "were identified by only three antivirus engines. This is in stark comparison to a previous attack we reported on, in which the documents were identified 32 times," says the Clearsky Security report.

SOURCE: https://www.bleepingcomputer.com/news/se...r-arsenal/