
Cyber Warfare fragments: attacks in Africa with MuddyC2Go

Under the radar: operational tactics and emerging tools of the MuddyWater group

Iranian hacker group MuddyWater has strengthened attacks on telecommunications in Africa, via a new system called MuddyC2Go. This system, managed remotely, facilitates cyber attacks and spreads through phishing emails or by exploiting vulnerabilities in outdated software. MuddyWater will try to remain undetected for as long as possible to achieve its goals.

This pill is also available in Italian.

An Iranian state actor known as MuddyWater has stepped up its attacks against the telecommunications sector in several African countries, employing a new command and control (C2) platform called MuddyC2Go. Also identified as Seedworm, and with other aliases such as Boggy Serpens and Cobalt Ulster, the group allegedly operates under the orders of the Iranian Ministry of Intelligence and Security (MOIS). The attacks are predominantly concentrated in the Middle East but, as reported by the Symantec Threat Hunter Team, have recently spread to Egypt, Sudan and Tanzania.

Features and usage of the MuddyC2Go framework

The MuddyC2Go framework, developed in Golang, was first identified by Deep Instinct as a successor to PhonyC2 and MuddyC3, but there are hints that suggest its use as early as 2020. Although the full breadth of its capabilities is not yet clear, it comes with a PowerShell script that connects automatically to the C2 server managed by Seedworm, giving the operators remote access to the compromised system without manual intervention.

Operational methods in recent attacks

Recent attacks in November 2023 have shown the combined use of legitimate tools such as SimpleHelp and Venom Proxy, as well as custom keyloggers and other publicly available tools. MuddyWater's attack chains begin with phishing emails and the exploitation of known vulnerabilities in outdated applications, then continue with reconnaissance, lateral movement and data collection within the victim networks.

MuddyWater's strategy of innovation and goal fulfillment

By mixing proprietary tools, living-off-the-land techniques and public tools, MuddyWater aims to evade detection for as long as possible while accomplishing its strategic goals. Symantec highlights the group's constant innovation and development of its arsenal to remain covert, and points to heavy use of PowerShell and related scripts as an indicator of suspicious activity. In parallel, an Israel-linked group known as Gonjeshke Darande ("Raider Hawk" in Persian) has claimed cyber sabotage acts affecting most gas stations in Iran, in response to regional aggression by the Islamic Republic and its affiliates.
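As an added example (not part of the article, and not tooling from Symantec or Deep Instinct), the following script triages constructed Windows PowerShell script-block log entries (the shape of Event ID 4104) and scores traits that often accompany script-driven C2 beaconing: encoded commands, download cradles, hidden windows, policy bypass and sleep loops. The indicator patterns, weights, threshold and sample events are all this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Heuristics for PowerShell script-block content. Pattern names and weights
# are assumptions made for this example, not published indicators.
INDICATORS = {
    "encoded_command": (re.compile(r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    "download_cradle": (re.compile(r"(DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient)", re.I), 2),
    "policy_bypass": (re.compile(r"-ExecutionPolicy\s+Bypass|-ep\s+bypass", re.I), 2),
    "hidden_window": (re.compile(r"-w(indowstyle)?\s+hidden", re.I), 2),
    "persistent_loop": (re.compile(r"while\s*\(\s*\$true\s*\)|Start-Sleep", re.I), 1),
    "iex": (re.compile(r"\bIEX\b|Invoke-Expression", re.I), 2),
}
THRESHOLD = 4  # assumed cut-off; tune against your own baseline

@dataclass
class Finding:
    host: str
    score: int
    matched: list[str]

def score_script_block(text: str) -> tuple[int, list[str]]:
    """Return (score, matched indicator names) for one script block."""
    matched = [name for name, (rx, _) in INDICATORS.items() if rx.search(text)]
    score = sum(INDICATORS[name][1] for name in matched)
    return score, matched

def triage(events: list[dict]) -> list[Finding]:
    """Flag events whose script block scores at or above THRESHOLD."""
    findings = []
    for ev in events:
        score, matched = score_script_block(ev["script_block"])
        if score >= THRESHOLD:
            findings.append(Finding(ev["host"], score, matched))
    return findings

# Constructed sample events; hosts and script content are invented.
SAMPLE_EVENTS = [
    {"host": "WS01", "script_block": "Get-ChildItem C:\\Reports | Sort-Object LastWriteTime"},
    {"host": "WS02", "script_block": "powershell -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "SRV03", "script_block": "while($true){ IEX (New-Object Net.WebClient).DownloadString($u); Start-Sleep 60 }"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.host}: score={f.score} indicators={','.join(f.matched)}")
```

A benign administrative one-liner scores zero, while the two constructed beacon-style blocks cross the threshold; in practice the score is a prioritisation aid for analysts, not a verdict.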


12/19/2023 12:28

Marco Verro
