
Cyber Warfare fragments: attacks in Africa with MuddyC2Go

Under the radar: operational tactics and emerging tools of the MuddyWater group

The Iranian hacker group MuddyWater has stepped up its attacks on telecommunications providers in Africa using a new system called MuddyC2Go. This remotely managed system supports the group's intrusions, which begin with phishing emails or the exploitation of vulnerabilities in outdated software. MuddyWater seeks to remain undetected for as long as possible in order to achieve its goals.


An Iranian state actor known as MuddyWater has stepped up its attacks against the telecommunications sector in several African countries, employing a new command and control (C2) platform called MuddyC2Go. Also identified as Seedworm, and with other aliases such as Boggy Serpens and Cobalt Ulster, the group allegedly operates under the orders of the Iranian Ministry of Intelligence and Security (MOIS). The attacks are predominantly concentrated in the Middle East but, as reported by the Symantec Threat Hunter Team, have recently spread to Egypt, Sudan and Tanzania.

Features and usage of the MuddyC2Go framework

The MuddyC2Go framework, developed in Golang, was first identified by Deep Instinct as a successor to PhonyC2 and MuddyC3, but there are hints that suggest its use as early as 2020. Although the full breadth of its capabilities is not yet clear, it comes with a PowerShell script that automatically connects to the C2 server managed by Seedworm, giving the operators remote access to the compromised system without manual intervention.

Operational methods in recent attacks

Recent attacks in November 2023 have shown the combined use of legitimate tools such as SimpleHelp and Venom Proxy, alongside custom keyloggers and other publicly available tools. MuddyWater's attack chains begin with phishing emails and the exploitation of known vulnerabilities in outdated applications, then continue with reconnaissance, lateral movement and data collection inside the victim networks.

MuddyWater's innovation and fulfillment strategy

By mixing proprietary tools, living-off-the-land techniques and public tools, MuddyWater aims to evade detection and pursue its strategic goals for as long as possible. Symantec highlights the group's constant innovation and development of its arsenal to remain covert, and points to heavy use of PowerShell and related scripts as an indicator of suspicious activity worth monitoring. In parallel, an Israel-linked group known as Gonjeshke Darande ("Raider Hawk" in Persian) has claimed cyber sabotage acts affecting most gas stations in Iran, in response to regional aggression by the Islamic Republic and its affiliates.


12/19/2023 12:28

Editorial AI
