According to a joint release by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), US Cyber Command’s Cyber National Mission Force (CNMF), and the United Kingdom’s National Cyber Security Centre (NCSC), the agencies have observed an Iranian government-sponsored campaign known as MuddyWater. The goal of the campaign is to deploy malware and steal passwords from organizations across multiple industries and countries around the globe. The group typically begins its attacks with a phishing lure, attempting to coax an employee of the target company into downloading an Excel file with malicious macros. From there, the threat actors use various types of malware to infect the company and steal sensitive data, including passwords. The threat actors have also been seen exploiting old vulnerabilities to gain access to networks and download malware. The different types of malware used can be found in the source article.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense