Information security, technology, and manufacturing organizations across Israel were targeted earlier this month in a new phishing campaign by the Iranian state-sponsored threat operation MuddyWater, also known as TA450 and Mango Sandstorm, which involved deployment of the Atera Agent remote monitoring and management tool, reports The Hacker News.
Attacks commenced with the delivery of malicious emails carrying PDF attachments that link to documents hosted on file-sharing sites, which, when opened, fetch a ZIP archive containing an MSI installer that prompts Atera Agent installation, according to a report from Proofpoint. "While this method is not foreign to TA450, the threat actor has more recently relied on including malicious links directly in email message bodies instead of adding in this extra step," said researchers. The development follows an OP Innovate report detailing the compromise of software services provider Rashim Software by Iranian hacktivist operation Lord Nemesis to facilitate a software supply chain attack against academic institutions in Israel.