MuddyWater attacks against Israel involve novel C2 framework
Attacks by the Iranian state-backed threat group MuddyWater against Israel used the new MuddyC2Go command-and-control framework, which replaced the group's custom PhonyC2 platform after that platform's source code was exposed, The Hacker News reports.
MuddyWater still begins its intrusions with spearphishing emails, but according to a Deep Instinct report the group has switched from delivering a remote administration tool to delivering a password-protected archive containing an executable. That executable carries a PowerShell script that connects automatically to the MuddyC2Go server, so no manual execution by an operator is needed; MuddyC2Go then delivers a PowerShell script and waits for further commands, said researcher Simon Kenin.
The findings suggest that MuddyC2Go may be used to issue PowerShell payloads that facilitate further system compromise.
"We recommend disabling PowerShell if it is not needed. If it is enabled, we recommend close monitoring of PowerShell activity," Kenin added.
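Kenin's monitoring recommendation in concrete form, as an added example that is not from the article or the Deep Instinct report: enable PowerShell script block, module and transcription logging through their Group Policy registry keys, then pull the last day's script block events (ID 4104) for review. It assumes an elevated session; the transcript directory `C:\PSTranscripts` is an arbitrary choice.

```powershell
# Added example: enable the PowerShell logging a defender needs in order to
# monitor PowerShell activity, then review what has run. Elevated session
# assumed; the registry paths are the documented Group Policy backing keys.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Script Block Logging: records the de-obfuscated text of every script block
# PowerShell executes (Event ID 4104, Microsoft-Windows-PowerShell/Operational).
$sbl = Join-Path $base 'ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# Module Logging: pipeline execution details (Event ID 4103) for all modules.
$ml = Join-Path $base 'ModuleLogging'
New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
Set-ItemProperty -Path $ml -Name 'EnableModuleLogging' -Value 1 -Type DWord
Set-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -Type String

# Transcription: full session transcripts written to a collection directory
# (C:\PSTranscripts is an assumed path; point it at a forwarded share in practice).
$tr = Join-Path $base 'Transcription'
New-Item -Path $tr -Force | Out-Null
Set-ItemProperty -Path $tr -Name 'EnableTranscripting' -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name 'EnableInvocationHeader' -Value 1 -Type DWord
Set-ItemProperty -Path $tr -Name 'OutputDirectory' -Value 'C:\PSTranscripts' -Type String

# Review: script blocks logged in the last 24 hours. A script embedded in an
# executable and run unattended, as the article describes, appears here with
# its full text; the filter surfaces blocks that fetch or decode further code.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue |
  ForEach-Object {
    # For a 4104 event, property index 2 holds the script block text.
    [pscustomobject]@{ Time = $_.TimeCreated; Text = $_.Properties[2].Value }
  } |
  Where-Object { $_.Text -match 'Net\.WebClient|Invoke-WebRequest|DownloadString|EncodedCommand|FromBase64String' } |
  Format-List
```

The keyword filter is only a starting point for triage; forwarding the 4104 and 4103 events to a central SIEM is what makes the "close monitoring" practical across a fleet.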