MuddyWater uses RMM tools in advanced infection campaign

September 11, 2024

The notorious Iranian-backed threat group MuddyWater is using a new technique in its latest malicious operation.

This advanced persistent threat (APT) group has been active since 2017 and primarily targets companies in the Middle East, Europe, and North America. It actively uses legitimate remote monitoring and management (RMM) software to compromise targeted entities.

Some of their most common targets include political institutions, military organisations, telecom businesses, and oil companies.


MuddyWater has weaponised the RMM software tool.


MuddyWater favours RMM software because it is intended for IT support and maintenance and therefore provides remote access and control capabilities that look legitimate on a network. Weaponising useful software is not new for the group: it is notorious for abusing popular RMM tools such as Remote Utilities, ScreenConnect, and Atera Agent to carry out its malicious actions.

Researchers also noted that MuddyWater campaigns typically start with a professionally prepared phishing email. These emails, which frequently carry attachments posing as Arabic-language documents, deceive unwary victims into opening them and thereby granting the attackers access to their systems.

Once a user opens the attachment in the MuddyWater email, it silently installs the RMM software, granting the attackers access to the infected device. Once inside the system, the hackers can run commands, upload and download files, and move laterally across the network undetected.

This elusive approach allows this APT group to execute espionage campaigns, acquire critical data, and potentially inflict substantial disruptions to a targeted entity.

Using legitimate software for harmful purposes shows how attackers constantly refine their methods to accomplish their objectives more efficiently. Traditional security systems may therefore struggle to spot, mitigate, and prevent these attacks, since the abused software is a legitimate product rather than malware and is in normal use by many organisations.
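Because the RMM binaries themselves are legitimate, detection has to rest on context: which RMM products the organisation actually sanctions, and what process launched them. The following is an added example, not code from the article or from any vendor, that applies that idea to constructed process-creation records in the style of Sysmon or EDR telemetry. The keyword list is built from the three tools the article names (the binary names `rutserv.exe` and `AteraAgent.exe` in the sample data are assumptions), and the allow-list represents an assumed policy in which only ScreenConnect is approved and only when started as a service. It flags the infection chain described above (an RMM installer spawned by a document or mail client) as high severity and any other unapproved RMM execution as medium.

```python
"""Flag unexpected RMM tool execution from process-creation telemetry.

Added illustrative code. The events, keyword list, and allow-list below are
constructed assumptions, not data from the article or from MuddyWater activity.
"""
from dataclasses import dataclass
from typing import List, Optional

# Product names from the article, matched as case-insensitive substrings of the
# image path and command line. Production rules should key on vendor-documented
# binary names and code-signing identities rather than keywords (assumption).
RMM_KEYWORDS = {
    "remoteutilities": "Remote Utilities",
    "rutserv": "Remote Utilities",      # assumed host-service binary name
    "screenconnect": "ScreenConnect",
    "atera": "Atera Agent",
}

# Assumed organisational policy: only ScreenConnect is sanctioned, and a
# managed install normally runs as a service under services.exe.
APPROVED_RMM = {"ScreenConnect"}
SERVICE_PARENTS = {"services.exe"}

# Parents that indicate the child came from a document or mail attachment,
# i.e. the phishing-attachment chain the article describes.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                    "acrord32.exe", "outlook.exe"}


@dataclass
class ProcessEvent:
    timestamp: str
    host: str
    user: str
    parent_image: str
    image: str
    command_line: str


@dataclass
class Alert:
    severity: str
    rule: str
    event: ProcessEvent


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def identify_rmm(event: ProcessEvent) -> Optional[str]:
    """Return the RMM product name an event appears to involve, or None."""
    haystack = (event.image + " " + event.command_line).lower()
    for keyword, product in RMM_KEYWORDS.items():
        if keyword in haystack:
            return product
    return None


def evaluate(event: ProcessEvent) -> List[Alert]:
    """Apply the lineage and allow-list rules to one event."""
    alerts: List[Alert] = []
    product = identify_rmm(event)
    if product is None:
        return alerts
    parent = _basename(event.parent_image)
    if parent in DOCUMENT_PARENTS:
        alerts.append(Alert("high", f"{product} launched by document/mail process {parent}", event))
    if product not in APPROVED_RMM:
        alerts.append(Alert("medium", f"unapproved RMM tool {product}", event))
    elif parent not in SERVICE_PARENTS:
        alerts.append(Alert("low", f"approved RMM {product} started by {parent}, not as a service", event))
    return alerts


def scan(events: List[ProcessEvent]) -> List[Alert]:
    """Evaluate a batch of events and return every alert raised, in order."""
    return [alert for event in events for alert in evaluate(event)]


# Constructed sample telemetry (hosts, users and paths are made up).
SAMPLE_EVENTS = [
    ProcessEvent("2024-09-11T08:02:11Z", "WS-114", "SYSTEM", r"C:\Windows\System32\services.exe",
                 r"C:\Program Files (x86)\ScreenConnect Client (helpdesk)\ScreenConnect.ClientService.exe",
                 '"ScreenConnect.ClientService.exe" --service'),               # sanctioned, service context
    ProcessEvent("2024-09-11T08:17:42Z", "WS-114", "sara", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Users\sara\AppData\Local\Temp\AteraAgent.exe",
                 r"C:\Users\sara\AppData\Local\Temp\AteraAgent.exe /quiet"),  # installer spawned by Word
    ProcessEvent("2024-09-11T09:40:05Z", "WS-201", "omar", r"C:\Windows\explorer.exe",
                 r"C:\Users\omar\Downloads\rutserv.exe",
                 r"C:\Users\omar\Downloads\rutserv.exe -silentinstall"),      # unapproved tool run by user
    ProcessEvent("2024-09-11T09:41:30Z", "WS-201", "omar", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe", "notepad.exe notes.txt"),  # benign
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        e = alert.event
        print(f"[{alert.severity.upper()}] {e.timestamp} {e.host} {e.user}: {alert.rule} ({e.image})")
```

Running the block prints three alerts: the Word-spawned Atera installer raises both the high-severity lineage alert and the medium-severity unapproved-tool alert, the user-launched Remote Utilities host raises a medium alert, and the sanctioned ScreenConnect service produces nothing. The value of the approach is that it does not depend on the RMM binary being classified as malicious; it only asks whether this product, started this way, matches what the organisation expects.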

Therefore, researchers advise organisations to remain wary of such threats and to stay up to date on the latest trends in the cybercriminal landscape. Training employees to recognise phishing operations and to understand the dangers of opening unknown or unsolicited files or links is also critical.

Lastly, keeping software properly updated and maintaining robust endpoint protection can also significantly reduce the chances of exploitation and infection by malicious threat groups.
